diff --git a/src/Resources/ResourceManager/Implementation/Policy/GetAzurePolicyDefinition.cs b/src/Resources/ResourceManager/Implementation/Policy/GetAzurePolicyDefinition.cs index 651b059426e0..8da64ad6c76a 100644 --- a/src/Resources/ResourceManager/Implementation/Policy/GetAzurePolicyDefinition.cs +++ b/src/Resources/ResourceManager/Implementation/Policy/GetAzurePolicyDefinition.cs @@ -15,6 +15,7 @@ namespace Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation { using Microsoft.Azure.Commands.ResourceManager.Cmdlets.Components; + using Microsoft.Azure.Commands.ResourceManager.Cmdlets.Entities.ErrorResponses; using Microsoft.Azure.Commands.ResourceManager.Cmdlets.Extensions; using Microsoft.Azure.Commands.ResourceManager.Common; using Newtonsoft.Json.Linq; @@ -110,15 +111,35 @@ private async Task> GetResources() if (!string.IsNullOrEmpty(ResourceIdUtility.GetResourceName(resourceId))) { - var resource = await this - .GetResourcesClient() - .GetResource( - resourceId: resourceId, - apiVersion: apiVersion, - cancellationToken: this.CancellationToken.Value) - .ConfigureAwait(continueOnCapturedContext: false); - ResponseWithContinuation retVal; - return resource.TryConvertTo(out retVal) && retVal.Value != null + JObject resource; + try + { + resource = await this + .GetResourcesClient() + .GetResource( + resourceId: resourceId, + apiVersion: apiVersion, + cancellationToken: this.CancellationToken.Value) + .ConfigureAwait(continueOnCapturedContext: false); + } + catch (ErrorResponseMessageException ex) + { + if (!ex.Message.StartsWith("PolicyDefinitionNotFound", StringComparison.OrdinalIgnoreCase)) + { + throw; + } + + resourceId = this.GetBuiltinResourceId(); + resource = await this + .GetResourcesClient() + .GetResource( + resourceId: resourceId, + apiVersion: apiVersion, + cancellationToken: this.CancellationToken.Value) + .ConfigureAwait(continueOnCapturedContext: false); + } + + return resource.TryConvertTo(out ResponseWithContinuation retVal) && retVal.Value != null ? retVal : new ResponseWithContinuation { Value = resource.AsArray() }; } @@ -141,5 +162,13 @@ private string GetResourceId() { return this.Id ?? this.MakePolicyDefinitionId(this.ManagementGroupName, this.SubscriptionId, this.Name); } + + /// + /// Gets the resource Id assuming the name is for a builtin + /// + private string GetBuiltinResourceId() + { + return $"/{Constants.Providers}/{Constants.MicrosoftAuthorizationPolicyDefinitionType}/{this.Name}"; + } } } diff --git a/src/Resources/ResourceManager/Implementation/Policy/GetAzurePolicySetDefinition.cs b/src/Resources/ResourceManager/Implementation/Policy/GetAzurePolicySetDefinition.cs index 7c67b1195c5f..4ad74cadb00c 100644 --- a/src/Resources/ResourceManager/Implementation/Policy/GetAzurePolicySetDefinition.cs +++ b/src/Resources/ResourceManager/Implementation/Policy/GetAzurePolicySetDefinition.cs @@ -15,6 +15,7 @@ namespace Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation { using Microsoft.Azure.Commands.ResourceManager.Cmdlets.Components; + using Microsoft.Azure.Commands.ResourceManager.Cmdlets.Entities.ErrorResponses; using Microsoft.Azure.Commands.ResourceManager.Cmdlets.Extensions; using Microsoft.Azure.Commands.ResourceManager.Common; using Newtonsoft.Json.Linq; @@ -110,15 +111,35 @@ private async Task> GetResources() if (!string.IsNullOrEmpty(ResourceIdUtility.GetResourceName(resourceId))) { - var resource = await this - .GetResourcesClient() - .GetResource( - resourceId: resourceId, - apiVersion: apiVersion, - cancellationToken: this.CancellationToken.Value) - .ConfigureAwait(continueOnCapturedContext: false); - ResponseWithContinuation retVal; - return resource.TryConvertTo(out retVal) && retVal.Value != null + JObject resource; + try + { + resource = await this + .GetResourcesClient() + .GetResource( + resourceId: resourceId, + apiVersion: apiVersion, + cancellationToken: this.CancellationToken.Value) + .ConfigureAwait(continueOnCapturedContext: false); + } + catch (ErrorResponseMessageException ex) + { + if (!ex.Message.StartsWith("PolicySetDefinitionNotFound", StringComparison.OrdinalIgnoreCase)) + { + throw; + } + + resourceId = this.GetBuiltinResourceId(); + resource = await this + .GetResourcesClient() + .GetResource( + resourceId: resourceId, + apiVersion: apiVersion, + cancellationToken: this.CancellationToken.Value) + .ConfigureAwait(continueOnCapturedContext: false); + } + + return resource.TryConvertTo(out ResponseWithContinuation retVal) && retVal.Value != null ? retVal : new ResponseWithContinuation { Value = resource.AsArray() }; } @@ -141,5 +162,13 @@ private string GetResourceId() { return this.Id ?? this.MakePolicySetDefinitionId(this.ManagementGroupName, this.SubscriptionId, this.Name); } + + /// + /// Gets the resource Id assuming the name is for a builtin + /// + private string GetBuiltinResourceId() + { + return $"/{Constants.Providers}/{Constants.MicrosoftAuthorizationPolicySetDefinitionType}/{this.Name}"; + } } } diff --git a/src/Resources/ResourceManager/Implementation/Policy/PolicyCmdletBase.cs b/src/Resources/ResourceManager/Implementation/Policy/PolicyCmdletBase.cs index 4bb31539d762..c8ff86927516 100644 --- a/src/Resources/ResourceManager/Implementation/Policy/PolicyCmdletBase.cs +++ b/src/Resources/ResourceManager/Implementation/Policy/PolicyCmdletBase.cs @@ -88,7 +88,7 @@ protected PSObject[] GetFilteredOutputObjects(string resourceType, ListFilter fi return true; } - var policyType = result.GetPSObjectProperty("Properties.policyType"); + var policyType = ((PSObject)result.Properties["Properties"].Value).Properties["policyType"].Value; return policyType == null || string.Equals(policyType.ToString(), filter.ToString(), StringComparison.OrdinalIgnoreCase); }; diff --git a/src/Resources/Resources.Test/ScenarioTests/PolicyTests.cs b/src/Resources/Resources.Test/ScenarioTests/PolicyTests.cs index 5d1cd3c2aa74..9198f1b86ee7 100644 --- a/src/Resources/Resources.Test/ScenarioTests/PolicyTests.cs +++ b/src/Resources/Resources.Test/ScenarioTests/PolicyTests.cs @@ -115,6 +115,20 @@ public void TestPolicyDefinitionWithUri() TestRunner.RunTestScript("Test-PolicyDefinitionWithUri"); } + [Fact] + [Trait(Category.AcceptanceType, Category.CheckIn)] + public void TestGetCmdletFilterParameter() + { + TestRunner.RunTestScript("Test-GetCmdletFilterParameter"); + } + + [Fact] + [Trait(Category.AcceptanceType, Category.CheckIn)] + public void TestGetBuiltinsByName() + { + TestRunner.RunTestScript("Test-GetBuiltinsByName"); + } + [Fact] [Trait(Category.AcceptanceType, Category.CheckIn)] public void TestGetPolicyAssignmentParameters() diff --git a/src/Resources/Resources.Test/ScenarioTests/PolicyTests.ps1 b/src/Resources/Resources.Test/ScenarioTests/PolicyTests.ps1 index b59ccfcc8c00..0a76a2c90441 100644 --- a/src/Resources/Resources.Test/ScenarioTests/PolicyTests.ps1 +++ b/src/Resources/Resources.Test/ScenarioTests/PolicyTests.ps1 @@ -658,9 +658,6 @@ function Test-PolicyDefinitionCRUDAtManagementGroup Assert-NotNull($actual.Properties.PolicyRule) Assert-AreEqual $expected.Properties.Mode $actual.Properties.Mode - # make sure it can't be retrieved at default subscription level - Assert-ThrowsContains { Get-AzureRMPolicyDefinition -Name $policyName } "PolicyDefinitionNotFound : The policy definition '$policyName' could not be found." - # update the same policy definition, get it back and validate the new properties $actual = Set-AzureRMPolicyDefinition -Name $policyName -ManagementGroupName $managementGroup -DisplayName testDisplay -Description $updatedDescription -Policy ".\SamplePolicyDefinition.json" -Metadata $metadata $expected = Get-AzureRMPolicyDefinition -Name $policyName -ManagementGroupName $managementGroup @@ -741,9 +738,6 @@ function Test-PolicySetDefinitionCRUDAtManagementGroup Assert-AreEqual $expected.PolicySetDefinitionId $actual.PolicySetDefinitionId Assert-NotNull($actual.Properties.PolicyDefinitions) - # make sure it can't be retrieved at default subscription level - Assert-ThrowsContains { Get-AzureRMPolicySetDefinition -Name $policySetDefName } "PolicySetDefinitionNotFound : The policy set definition '$policySetDefName' could not be found." - # update the policy set definition, get it back and validate $expected = Set-AzureRMPolicySetDefinition -Name $policySetDefName -ManagementGroupName $managementGroup -DisplayName testDisplay -Description $updatedDescription $actual = Get-AzureRMPolicySetDefinition -Name $policySetDefName -ManagementGroupName $managementGroup @@ -808,6 +802,48 @@ function Test-PolicySetDefinitionCRUDAtSubscription Assert-AreEqual True $remove } +function Test-GetCmdletFilterParameter +{ + # policy definitions + $builtins = Get-AzureRmPolicyDefinition -Builtin + $builtins | %{ Assert-AreEqual $_.Properties.PolicyType "Builtin" } + + $custom = Get-AzureRmPolicyDefinition -Custom + $custom | %{ Assert-AreEqual $_.Properties.PolicyType "Custom" } + + $all = Get-AzureRmPolicyDefinition + Assert-AreEqual ($builtins.Count + $custom.Count) $all.Count + + # policy set definitions + $builtins = Get-AzureRmPolicySetDefinition -Builtin + $builtins | %{ Assert-AreEqual $_.Properties.PolicyType "Builtin" } + + $custom = Get-AzureRmPolicySetDefinition -Custom + $custom | %{ Assert-AreEqual $_.Properties.PolicyType "Custom" } + + $all = Get-AzureRmPolicySetDefinition + Assert-AreEqual ($builtins.Count + $custom.Count) $all.Count +} + +function Test-GetBuiltinsByName +{ + # policy definitions + $builtins = Get-AzureRmPolicyDefinition -Builtin + foreach ($builtin in $builtins) + { + $definition = Get-AzureRmPolicyDefinition -Name $builtin.Name + Assert-AreEqual $builtin.ResourceId $definition.ResourceId + } + + # policy set definitions + $builtins = Get-AzureRmPolicySetDefinition -Builtin + foreach ($builtin in $builtins) + { + $setDefinition = Get-AzureRmPolicySetDefinition -Name $builtin.Name + Assert-AreEqual $builtin.ResourceId $setDefinition.ResourceId + } +} + <# The following section contains tests for each cmdlet that validate as many combinations of parameters as possible/reasonable. Tests for all combinations of parameters are present here @@ -1015,7 +1051,7 @@ function Test-GetPolicyDefinitionParameters Assert-ThrowsContains { Get-AzureRmPolicyDefinition -Name $someName -Id $someId -Custom } $parameterSetError # validate remaining parameter combinations starting with -Id - Assert-ThrowsContains { Get-AzureRmPolicyDefinition -Id $goodId } $policyDefinitionNotFound + $ok = Get-AzureRmPolicyDefinition -Id $goodId Assert-ThrowsContains { Get-AzureRmPolicyDefinition -Id $goodId -ManagementGroupName $someManagementGroup } $parameterSetError Assert-ThrowsContains { Get-AzureRmPolicyDefinition -Id $goodId -SubscriptionId $subscriptionId } $parameterSetError Assert-ThrowsContains { Get-AzureRmPolicyDefinition -Id $goodId -BuiltIn } $parameterSetError @@ -1159,7 +1195,7 @@ function Test-GetPolicySetDefinitionParameters Assert-ThrowsContains { Get-AzureRmPolicySetDefinition -Name $someName -Id $someId -Custom } $parameterSetError # validate remaining parameter combinations starting with -Id - Assert-ThrowsContains { Get-AzureRmPolicySetDefinition -Id $goodId } $policySetDefinitionNotFound + $ok = Get-AzureRmPolicySetDefinition -Id $goodId Assert-ThrowsContains { Get-AzureRmPolicySetDefinition -Id $goodId -ManagementGroupName $someManagementGroup } $parameterSetError Assert-ThrowsContains { Get-AzureRmPolicySetDefinition -Id $goodId -SubscriptionId $subscriptionId } $parameterSetError Assert-ThrowsContains { Get-AzureRmPolicySetDefinition -Id $goodId -BuiltIn } $parameterSetError diff --git a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestGetBuiltinsByName.json b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestGetBuiltinsByName.json new file mode 100644 index 000000000000..f2eba6a9d2e3 --- /dev/null +++ b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestGetBuiltinsByName.json @@ -0,0 +1,20886 @@ +{ + "Entries": [ + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucz9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "BuiltinFilterParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "westus2:8fd0ecff-faa4-413d-bb82-321c8189b4c0" + ], + "x-ms-correlation-request-id": [ + "552ab0dc-f53f-4564-af95-091dee0a8d0c" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204117Z:552ab0dc-f53f-4564-af95-091dee0a8d0c" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:16 GMT" + ], + "Content-Length": [ + "487308" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in IoT Hubs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Internet of Things\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Devices/IotHubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healty\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cheggert: Append VMSS extension\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/virtualMachineProfile\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*].type\",\r\n \"notEquals\": \"GenevaMonitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*]\",\r\n \"value\": {\r\n \"name\": \"Microsoft.Azure.Geneva.GenevaMonitoring\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Geneva\",\r\n \"type\": \"GenevaMonitoring\",\r\n \"typeHandlerVersion\": \"1.8\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/01b105ed-6ded-4a1d-894c-df85fd9351cb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"01b105ed-6ded-4a1d-894c-df85fd9351cb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage_httpsTrafficOnly\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"023217dd-81bb-461f-93ea-8799caac50c7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"This shouldn't work\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This customer's policy is attempting to append multiple tags at once. I expect it will just append one tag with a really long name\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"value\": [\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04183864-11ae-4e7a-aadb-c600e40ed1b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04183864-11ae-4e7a-aadb-c600e40ed1b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Inherit named tag from resource group\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Applies the tag value from the resource group if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[resourcegroup().tags[parameters('tagName')]]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04904947-4d10-4454-9a50-f423d590e11b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04904947-4d10-4454-9a50-f423d590e11b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : AuditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddd96d8-fccd-40cb-81d2-5072a4ed061c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddd96d8-fccd-40cb-81d2-5072a4ed061c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robga-nsgtemplate-test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddfee46-9b63-4313-a529-cfbf968d8118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddfee46-9b63-4313-a529-cfbf968d8118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akif incident - 85944710\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 85944710\\nhttps://icm.ad.msft.net/imp/v3/incidents/details/85944710/home\\n\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af12870bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af12870bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"second attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af1287abe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af1287abe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"chegg: Deploy azsecpack autoupgrade (VMSS)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*].name\",\r\n \"notEquals\": \"Microsoft.Azure.Geneva.GenevaMonitoring\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"Microsoft.Azure.Geneva.GenevaMonitoring\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"GenevaMonitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Geneva\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/enableAutomaticUpgrade\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-10-01\",\r\n \"name\": \"[concat(parameters('vmssName'), '/Microsoft.Azure.Geneva.GenevaMonitoring')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"enableAutomaticUpgrade\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ec05dac-e529-48ef-8c20-f7e6af99a12b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ec05dac-e529-48ef-8c20-f7e6af99a12b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/123c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"123c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim nsg repro\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"fix\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/14ac45e9-df97-455d-b6ee-dd216f15f694\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"14ac45e9-df97-455d-b6ee-dd216f15f694\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim-incident-86226837-fix\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"1 - reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"15358dd8-671e-4c96-be33-2b668791418f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Attempt service bus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logProfiles\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/serviceBusRuleId\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/163c640e-681c-445f-92ba-cd434bd8c11c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"163c640e-681c-445f-92ba-cd434bd8c11c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.zyx\",\r\n \"exists\": \"false\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/17d43473-870f-4bc8-93c6-3961fa1d91cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17d43473-870f-4bc8-93c6-3961fa1d91cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"peterhaugeaudit\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Testing resource group in IfNotExists (not the intent of the original policy, but looks like there's some weirdness here)\\n\\nChanged: Microsoft.Resources/subscriptions/resourceGroups to Microsoft.Resources/resourceGroups\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"name\": \"EnforceServicePrincipalAccessToDevTestLabsResourceGroups\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/19153189-4506-4910-b7bc-756e0188a6f2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"19153189-4506-4910-b7bc-756e0188a6f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit all tags\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"tags\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags\",\r\n \"value\": \"[resourceGroup().tags]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1e3c9312-c011-40a3-ac40-3bf3ddc24120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e3c9312-c011-40a3-ac40-3bf3ddc24120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource group locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Allowed resource group locations\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f20036f-28c3-48f3-9266-05d50fe391f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f20036f-28c3-48f3-9266-05d50fe391f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"docdb_aliases_test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f5360b7-fe59-43f7-8af5-825df420d09c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f5360b7-fe59-43f7-8af5-825df420d09c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ovewrites security rules with IP restrictions at the securityRule level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Limit to one protocol. The most inclusive should come last. I.e. 22;22-22;22-23\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"priority\": {\r\n \"type\": \"int\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[parameters('fullRuleName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-02-01\",\r\n \"properties\": {\r\n \"protocol\": \"*\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[last(parameters('destinationPortRanges'))]\",\r\n \"access\": \"Allow\",\r\n \"direction\": \"Inbound\",\r\n \"priority\": \"[parameters('priority')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[field('Microsoft.Network/networksecurityGroups/securityRules/priority')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"20c4afd0-8a77-4433-b8b0-4ad06e4c7111\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy NSGs on Subnets\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforce that all subnets have a Network Security Group. If a subnet does not have one an NSG with the default Internet Exposed Endpoint restrictions will be created and associated with it.\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string to apply to all automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges must not overlap.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"notEquals\": \"null\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgPrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"nsgName\": \"[concat(parameters('nsgPrefix'), '-', parameters('location'))]\",\r\n \"vnetName\": \"[split(parameters('fullResourceName'), '/')[0]]\",\r\n \"vnetResourceId\": \"[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]\",\r\n \"getVnetDeploymentName\": \"[concat('getVnet-', variables('vnetName'))]\",\r\n \"collectSubnetsDeploymentName\": \"[concat('collectSubnets-', variables('vnetName'))]\",\r\n \"overwriteVnetDeploymentName\": \"[concat('overwriteVnet-', variables('vnetName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vnetProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('vnetResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[variables('nsgName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"securityRules\": [\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Restrict\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from specific IP ranges (either corpnet or SAW)\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3997,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_AllowVnet\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from within the VNET\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"VirtualNetwork\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3998,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Deny\",\r\n \"properties\": {\r\n \"description\": \"Deny any controlled port connections that aren't explicitly allowed in higher priority rules\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 3999,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_AllowAll\",\r\n \"properties\": {\r\n \"description\": \"Allow all inbound traffic that isn't explicitly blocked by Port Lockdown restrictions\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 4000,\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectSubnetsDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_collectSubnets_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"nsgResourceId\": {\r\n \"value\": \"[resourceid('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"dependsOn\": [\r\n \"[variables('nsgName')]\"\r\n ],\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_overwriteVnet_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"updatedSubnets\": {\r\n \"value\": \"[reference(variables('collectSubnetsDeploymentName')).outputs.updatedSubnets.value]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"nsgPrefix\": {\r\n \"value\": \"[parameters('nsgPrefix')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"210ed8bd-6b07-4d5e-a62c-c34f07293288\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit all Microsoft.Web/sites/config/authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/211a466d-b2be-46e8-b029-8c28f566f118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"211a466d-b2be-46e8-b029-8c28f566f118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of a tag2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits that a required tag is present on resources\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"notcontainsKey\": \"[parameters('tagName')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24813039-7534-408a-9842-eb99f45721b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append single location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.locationTest\",\r\n \"value\": \"[parameters('allowedLocation')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin oms vm linux parameterized effect\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"263f13f4-6b88-4788-bead-34beedde70ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere strange alias in field function\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"Tags['asdasd']\",\r\n \"equals\": \"[concat('whatever', 'a')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/26556185-593c-4866-9c0c-114ac0bf6120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26556185-593c-4866-9c0c-114ac0bf6120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test guest assignment\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/28e54a72-2fd7-40d3-afe2-b05423e0147a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"28e54a72-2fd7-40d3-afe2-b05423e0147a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"2nd attempt on this policy. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"notIn\": \"[parameters('allowedLocations')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd60841400\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd60841400\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-combined\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"the combined policy attempt for both cosmos db cases. \",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"locationNames\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd6084180f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd6084180f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage ip rules append 2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.ipRules\",\r\n \"value\": [\r\n {\r\n \"value\": \"8.8.8.8\",\r\n \"action\": \"Allow\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/2b2317a7-ab02-47b5-8159-eb7e6227709f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2b2317a7-ab02-47b5-8159-eb7e6227709f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[demo] Enforce KeyVault diagnostic log storage\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"[tolower(concat('cheggkv', parameters('location')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('cheggremdemo', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/332ce4ac-9200-4573-8c66-92b85fc82c8d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"332ce4ac-9200-4573-8c66-92b85fc82c8d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_enableAutomaticFailover\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/enableAutomaticFailover\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_defaultConsistencyLevel\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/consistencyPolicy.defaultConsistencyLevel\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0b7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_readLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_writeLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_failoverPolicies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd160\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c0df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c0df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL and Managed Instance TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c144\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c144\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services vaults test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"vault\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vault\",\r\n \"description\": \"The Recovery Services Vault.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n },\r\n \"vaults\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vaults\",\r\n \"description\": \"The list of Recovery Services Vaults.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('vault')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('vaults')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b2c1b0f-63c5-4943-8578-6d37fbe411bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b2c1b0f-63c5-4943-8578-6d37fbe411bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b788cf8-ff6f-4075-86a1-ab76270790e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b788cf8-ff6f-4075-86a1-ab76270790e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3cc5820a-cbb8-4977-9c90-d90ced95f12c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3cc5820a-cbb8-4977-9c90-d90ced95f12c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Name should have prefix and suffix\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Name should have prefix and suffix\",\r\n \"parameters\": {\r\n \"prefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The prefix\",\r\n \"description\": \"The name prefix\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"suffix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The suffix\",\r\n \"description\": \"The name suffix.\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('prefix'), '*', parameters('suffix'))]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e275e2e-a157-4ade-8f91-43b3ea370007\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e275e2e-a157-4ade-8f91-43b3ea370007\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Restrict VM skus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Restricts allowed VM skus to a predefined regex\",\r\n \"parameters\": {\r\n \"allowedSkuTemplate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed VM sku template\",\r\n \"description\": \"The VM sku template. Supports wildcards via '*'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"like\": \"[parameters('allowedSkuTemplate')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e34c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e34c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKU\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits the use of storage account SKUs that don't meet organizational cost policy.\",\r\n \"parameters\": {\r\n \"listOfAllowedSkus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of allowed SKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSkus')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e3682\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e3682\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaDataFactoryTest1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"RobgaDataFactoryTest\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataFactory/factories\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/robgatestworkspace/providers/Microsoft.OperationalInsights/workspaces/robgatestworkspace\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce autoUpgrade on VM/VMSS extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies any VM or VMSS extensions that do not have autoUpgradeMinorVersion set to true.\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f772\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f772\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically enabled autoUpgradeMinorVersion on VM extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f783\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f783\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM scale set extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically appends autoUpgradeMinorVersion=true to VMSS extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f7a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f7a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService must use serverFarm\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService serverFarm must have capacity > 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/serverFarms\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/serverFarms/sku.capacity\",\r\n \"in\": [\r\n \"0\",\r\n \"1\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc23\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc23\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Do_Not_Delete\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy is used for unit tests. Please do not delete it.\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4a0425e4-97bf-4ad0-ab36-145b94083c60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny MySQL firewallRules starting with 0\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4b94c320-ce63-4fb6-ba9d-7dbe648b90de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4b94c320-ce63-4fb6-ba9d-7dbe648b90de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83686598\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"deny the creation of storage if supportsHttpsTrafficOnly is false\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"detect 'allow All' NSG rule\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c915617-16f0-4c62-b021-e66d5409d11d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c915617-16f0-4c62-b021-e66d5409d11d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332195\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332199\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332199\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny storage container creation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts/blobServices/containers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4d2f8837-7acb-4488-b580-95960ee3f116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d2f8837-7acb-4488-b580-95960ee3f116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure auto-created NSG rules exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ensures that security rules created in auto-created PortLockdown NSGs are not tampered with\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string applied to automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to in the expected security rule. I.e. 192.4.0.0/8;192.5.0.0/8 or *\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions in the expected security rule\"\r\n }\r\n },\r\n \"priority\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected priority\",\r\n \"description\": \"The priority of the expected security rule.\"\r\n }\r\n },\r\n \"access\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected access\",\r\n \"description\": \"The access (allow/deny) of the expected security rule.\"\r\n },\r\n \"allowedValues\": [\r\n \"Allow\",\r\n \"Deny\"\r\n ]\r\n },\r\n \"name\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected name\",\r\n \"description\": \"The name of the expected security rule.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('nsgPrefix'), '-', field('location'))]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"equals\": \"[parameters('priority')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"[parameters('access')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"name\": {\r\n \"type\": \"string\"\r\n },\r\n \"priority\": {\r\n \"type\": \"string\"\r\n },\r\n \"access\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"isSinglePrefix\": \"[equals(count(parameters('sourceAddressPrefixes')), 1)]\",\r\n \"isSinglePortRange\": \"[equals(count(parameters('destinationPortRanges')), 1)]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('nsgName'), '/', parameters('name'))]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"properties\": {\r\n \"description\": \"Rule auto-created by Internet Exposed Endpoints protection\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[if(variables('isSinglePortRange'), first(parameters('destinationPortRanges')), '')]\",\r\n \"destinationPortRanges\": \"[if(not(variables('isSinglePortRange')), parameters('destinationPortRanges'), json('[]'))]\",\r\n \"sourceAddressPrefix\": \"[if(variables('isSinglePrefix'), first(parameters('sourceAddressPrefixes')), '')]\",\r\n \"sourceAddressPrefixes\": \"[if(not(variables('isSinglePrefix')), parameters('sourceAddressPrefixes'), json('[]'))]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"[parameters('access')]\",\r\n \"priority\": \"[int(parameters('priority'))]\",\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"name\": {\r\n \"value\": \"[parameters('name')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[parameters('priority')]\"\r\n },\r\n \"access\": {\r\n \"value\": \"[parameters('access')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f283ec4-25a9-46df-bbf2-806ed5a3e115\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rs defaultvalue backslash\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Extensions to Exclude\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \".FWD;.GSC;.GSE;.MYD;.MYI;.SMD;.VAC;.BAK;.CHK;.FRM;.LDF;.LOG;.MBX;.MDF;.NDF;.TRN;.UND;.UNF;.UNH;.UNI;.UNQ;.UNS;.VHD;.VMDX;.WCI;.EDB;.SDS\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Paths to Exclude\",\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Sysvol;C:\\\\ProgramData\\\\Microsoft\\\\SharePoint;C:\\\\Program Files\\\\Common Files\\\\Microsoft Shared\\\\Web Server Extensions;C:\\\\Program Files\\\\Operations Manager;C:\\\\Program Files\\\\Microsoft Monitoring Agent;C:\\\\Program Files\\\\Microsoft Office Servers;C:\\\\Program Files\\\\Microsoft System Center 2012 R2\\\\Server;C:\\\\Program Files\\\\System Center Operations Manager;C:\\\\Program Files\\\\System Center Operations Manager 2007;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\NTDS;C:\\\\Windows\\\\System32\\\\LogFiles;C:\\\\Windows\\\\Sysvol;C:\\\\Program Files\\\\Double-Take Software;C:\\\\Program Files\\\\DoubleTake;C:\\\\Program Files\\\\Exchsrvr;C:\\\\Program Files\\\\Ipswitch;C:\\\\Program Files\\\\LogMeIn;C:\\\\Windows\\\\SoftwareDistribution\\\\Datastore;C:\\\\Windows\\\\Temp\\\\Gthrsvc\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Processes to Exclude\",\r\n \"description\": \"Semicolon delimited list of processes to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"HealthService.exe;ManagementService.exe;Microsoft.Mom.Sdk.Service.exe;Microsoft.Mom.ConfigServiceHost.exe;MonitoringHost.exe;pagefile.sys\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable real time protection\",\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Scheduled scans\",\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n },\r\n \"defaultValue\": \"false\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Scheduled Scan Type\",\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n },\r\n \"defaultValue\": \"Quick\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Day of Scheduled Scan\",\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n },\r\n \"defaultValue\": \"7\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Time of Scheduled Scan\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"120\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"value\": \"[parameters('ExclusionsExtensions')]\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"value\": \"[parameters('ExclusionsPaths')]\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"value\": \"[parameters('ExclusionsProcesses')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"[parameters('RealtimeProtectionEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsIsEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsDay')]\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsTime')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50877efd-8dd9-43d5-b4e6-3b70e64311b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50877efd-8dd9-43d5-b4e6-3b70e64311b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy key vault KV_B if key vault KV_A does not exist.\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy will deploy a key vault named KV_B if a key vault named KV_A does not exist.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"KV_B\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-10-01\",\r\n \"name\": \"KV_A\",\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"location\": \"eastus2\",\r\n \"properties\": {\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"sku\": {\r\n \"family\": \"A\",\r\n \"name\": \"standard\"\r\n },\r\n \"accessPolicies\": []\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50e2972e-143c-4edf-9ef6-bee0f84212d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaTestRbac\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Authorization/roleAssignments/principalId\",\r\n \"equals\": \"Admin\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/560482cd-dac5-41e6-9cef-b0aecd6020de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"560482cd-dac5-41e6-9cef-b0aecd6020de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : definition param with assignPermissions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/57ef268f-b414-436a-9894-125a81d80b30\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"57ef268f-b414-436a-9894-125a81d80b30\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhAuditLocation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit if not west us\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5948d091-78b7-4d3b-a404-cc6a0329b0c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5948d091-78b7-4d3b-a404-cc6a0329b0c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"deployifnotexist template alias tests - redis\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/Redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/sku.family\",\r\n \"equals\": \"C\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"Whatever*\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"type\": \"string\"\r\n },\r\n \"nameField\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuFamilyOut\": {\r\n \"value\": \"[parameters('skuFamily')]\",\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPortOut\": {\r\n \"value\": \"[parameters('enableNonSslPort')]\",\r\n \"type\": \"string\"\r\n },\r\n \"nameFieldOut\": {\r\n \"value\": \"[parameters('nameField')]\",\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/sku.family')]\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/enableNonSslPort')]\"\r\n },\r\n \"nameField\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"exists\": \" false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca376\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca376\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86318519\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86318519\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallrules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"AllowAllWindowsAzureIps\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca600\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca600\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"exists\": \"true\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"notIn\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca8d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca8d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Test storage alias\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Test storage alias\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"type\": \"string\"\r\n },\r\n \"encrypt\": {\r\n \"type\": \"string\"\r\n },\r\n \"accessTier\": {\r\n \"type\": \"string\"\r\n },\r\n \"skuName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuNameOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('skuName')]\"\r\n },\r\n \"accessTierOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('accessTier')]\"\r\n },\r\n \"httpsOnlyOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('httpsOnly')]\"\r\n },\r\n \"encryptOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('encrypt')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly')]\"\r\n },\r\n \"encrypt\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/enableBlobEncryption')]\"\r\n },\r\n \"accessTier\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/accessTier')]\"\r\n },\r\n \"skuName\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/sku.name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5fa69139-9a49-464e-90b5-0d243a469138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5fa69139-9a49-464e-90b5-0d243a469138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit costcenter tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"value\": \"[resourceGroup().tags.CostCenter]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6ced0d17-98f3-41e2-8038-08c8f4fb90e3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6ced0d17-98f3-41e2-8038-08c8f4fb90e3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim Apply allowed tag and its default value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"3\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n },\r\n \"allowedValues\": [\r\n \"TagA\",\r\n \"TagB\"\r\n ]\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6d1735de-f3e3-4c40-a8b2-7b3a1042a895\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6d1735de-f3e3-4c40-a8b2-7b3a1042a895\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": null\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"3\"\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"Metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The metric operator.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"The timeAggregation.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"The window size.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"The evaluation frequency.\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The action group id.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('alertNamePrefix'), '*')]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(toLower(parameters('alertNamePrefix')), uniqueString(resourceGroup().id))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6f2c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6f2c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testImageId\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"css\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"contains\": \"resourceGroups/testSandipsh\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/70dc1e8d-61c9-4089-8bf5-895b227c1298\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"70dc1e8d-61c9-4089-8bf5-895b227c1298\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"policyTrackedResources-sdk-tests\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"notIn\": [\r\n \"policyTrackedResources-sdk-tests-rule1\",\r\n \"policyTrackedResources-sdk-tests-rule2\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule1')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule2')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2001,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny if blob is not encrypted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/74d5cf40-7293-46a4-a285-7ea971e3719a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"74d5cf40-7293-46a4-a285-7ea971e3719a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Location restriction\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Policy to force allocations to a set of given locations\",\r\n \"metadata\": {\r\n \"category\": \"cstack\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/763dcd1d-a4a9-46a8-8bd3-357c4533a335\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"763dcd1d-a4a9-46a8-8bd3-357c4533a335\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83577342 deny proxy resource location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/83577342/home\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"eastus\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingjobs/transformations\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/77429b44-aac1-4417-a53e-6900c07e11ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"77429b44-aac1-4417-a53e-6900c07e11ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Block TLS < 1.2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/slots/config\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\r\n \"notEquals\": \"1.2\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/78c5df31-2f05-4f4d-acfe-3e536d88c1bc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"78c5df31-2f05-4f4d-acfe-3e536d88c1bc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny ActiveDirectory administrators\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/administrators/administratorType\",\r\n \"equals\": \"ActiveDirectory\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash weird chars\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR!@#$%^&*()_+=-{}[];:',.<>?~`/;C:\\\\hello\\\\there\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7f4d769f-78db-46eb-ac3c-0b8214f8c245\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f4d769f-78db-46eb-ac3c-0b8214f8c245\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock v2\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/83daa8ee-7c9a-470c-81a8-5a99ac09d134\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83daa8ee-7c9a-470c-81a8-5a99ac09d134\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"northwell.io\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/86cd412c-c557-473b-984c-a5f15cdcb116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86cd412c-c557-473b-984c-a5f15cdcb116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Parameterized effect (if location != eastus)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The policy effect.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"eastus\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"885f1dcb-a9c5-4c8c-8996-2702db44a2d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.xyz\",\r\n \"exists\": false\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8959fd87-c1dd-4831-9034-a4f876bee1cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8959fd87-c1dd-4831-9034-a4f876bee1cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Kubernetes ingress policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Only specified ingress is allowed based on names\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere applicability test 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/whatever\"\r\n },\r\n {\r\n \"field\": \"tags.applicability\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8e6b598c-1a45-404b-97dd-983e37c040da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8e6b598c-1a45-404b-97dd-983e37c040da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_ipRangeFilter\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9012b1cd-b045-46c6-a510-6137e06a009c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elperetest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"value\": \"[resourceGroup().tags['Hyphen-test']]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9389a21b-2134-414a-a579-e9f2709b2131\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9389a21b-2134-414a-a579-e9f2709b2131\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash (array)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": [\r\n \"C:\\\\rs-pkgs\",\r\n \"C:\\\\System Volume Information\\\\DFSR\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/985adbc0-6d2e-448a-ac26-89d3688191d5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"985adbc0-6d2e-448a-ac26-89d3688191d5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github209\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/virtualNetworkRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9a060c03-fda7-4b0a-b4da-15e2b7e4d117\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9a060c03-fda7-4b0a-b4da-15e2b7e4d117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - Subscription Lvl test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Subscriptionlevel auditIfNotExist policy\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a1b067c8-2970-4c0b-b0da-31ae7f33d1de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1b067c8-2970-4c0b-b0da-31ae7f33d1de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Noop\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Don't do anything\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a309ad64-0bae-48d9-a6b1-d99c0b4218b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a309ad64-0bae-48d9-a6b1-d99c0b4218b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyof\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a337c781-c7d8-4e12-ae69-1951c7e74378\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a337c781-c7d8-4e12-ae69-1951c7e74378\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127 - better\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\",\r\n \"Deny\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"81196380\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure https traffic only for storage account\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure https traffic only for storage account\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscription name tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"add subscription name tag\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionname\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionname\",\r\n \"value\": \"[subscription().displayName]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d82a2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d82a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Add subscription \\\"id\\\" tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.id\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.id\",\r\n \"value\": \"[subscription().id]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8339\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8339\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscriptionId tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionId\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionId\",\r\n \"value\": \"[subscription().subscriptionId]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8635\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8635\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaNSGtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/aeb6a524-e3d1-4b8a-afa8-26ae4e291116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aeb6a524-e3d1-4b8a-afa8-26ae4e291116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed Location Indexed\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"hackathon policy\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Allowed-Locations-Indexed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Allowed-Locations-Indexed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if antiMalware extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy audits if the anti malware extension .\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/antiMalwareExtensionExists\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"antiMalwareExtensionExists\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Web socket must be disabled on App Services\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures web sockets are disabled on App Services.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/AppServiceWebSockets\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"AppServiceWebSockets\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure Security Center must be enabled\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures Azure Security Center is enabled.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ASCEnabled\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ASCEnabled\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and it's value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and its value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits if a required extension doesn't exist.\",\r\n \"parameters\": {\r\n \"publisher\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The publisher of the extension\",\r\n \"displayName\": \"Extension Publisher\"\r\n }\r\n },\r\n \"type\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The type of the extension\",\r\n \"displayName\": \"Extension Type\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"[parameters('publisher')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"[parameters('type')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/audit-vm-extension\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"audit-vm-extension\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CanCrudPolicyAssignment Policy Definition $[Auto Test]\",\r\n \"policyType\": \"Custom\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"ResourceProviderTestHost/TestResourceType/TestResourceTypeNestedOne/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/azsmnet6487\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"azsmnet6487\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"89322663 audit diag setting\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"description\": \"The list of resources types to audit for missing diagnostic log settings.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"details\": {\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"equals\": \"true\",\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\"\r\n }\r\n ]\r\n },\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\"\r\n },\r\n \"effect\": \"AuditIfNotExists\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b350b9b0-8ba5-4867-bc9c-63b4544671b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b350b9b0-8ba5-4867-bc9c-63b4544671b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"makharchtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"policy\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b36f6195-0fc5-4a41-bbce-875248400f5f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b36f6195-0fc5-4a41-bbce-875248400f5f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash really long string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b9203c56-0565-434a-a315-87f4da9f21b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b9203c56-0565-434a-a315-87f4da9f21b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"NSG Rules exists test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].protocol\",\r\n \"notLike\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/bb6a78ae-8737-41e0-9c41-cc777c8c00a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bb6a78ae-8737-41e0-9c41-cc777c8c00a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"Category\": \"Flintstones\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/BedrockPolicy\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"BedrockPolicy\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c0f586f1-abe5-4801-8588-7332e49e60c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c0f586f1-abe5-4801-8588-7332e49e60c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"234\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logprofiles\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/logprofiles\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Doublecheck the lifecycle tag policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy refers to tags['Lifecycle'], which with the current implementation of the escaped tags syntax will refer to a tag named 'Lifecycle' (quotes and all). This is a customer policy that would be broken when I switch the meaning of tags['Lifecycle'] to refer simply to a tag named Lifecycle (no quotes)\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['Lifecycle']\",\r\n \"notIn\": [\r\n \"dev\",\r\n \"tst\",\r\n \"stg\",\r\n \"prd\",\r\n \"trn\",\r\n \"prf\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c6be98a9-8108-40aa-b726-d2ae8e2891b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c6be98a9-8108-40aa-b726-d2ae8e2891b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe resource group auditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c7b9982d-2f50-4730-935f-5c241982a441\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c7b9982d-2f50-4730-935f-5c241982a441\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed resource types\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": \"The list of allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('allowedTypes')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c872f951-1c5d-4c61-89dd-aee2350a11ba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8b79b49-a579-4045-984e-1b249ab8b474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8cedfaa-4aa0-465a-8b90-49caf8177158\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8cedfaa-4aa0-465a-8b90-49caf8177158\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere css block NSG changes\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/95894791/home\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"nsgName\",\r\n \"description\": \"The name of the NSG.\"\r\n },\r\n \"defaultValue\": \"nsgName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('nsgName')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"fullName\",\r\n \"like\": \"[concat(parameters('nsgName'), '/*')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ca01432d-4278-45a6-8137-69f2155d2248\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ca01432d-4278-45a6-8137-69f2155d2248\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin empty string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure resource names meet the like condition for a pattern.\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"namePattern\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"namePattern\",\r\n \"description\": \"Pattern to use for names. Can include wildcard (*).\"\r\n },\r\n \"allowedValues\": [\r\n \"\",\r\n \"one\",\r\n \"two\"\r\n ],\r\n \"defaultValue\": \"\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('namePattern')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"camarvin-test-empty-assign\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere append 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.test\",\r\n \"value\": \"1\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny on 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.test\",\r\n \"equals\": \"1\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Resource name contains resource group name\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Require resources to contain the resource group's name\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"notContains\": \"[resourceGroup().name]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/contain-resource-group-name\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"contain-resource-group-name\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v3\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"third attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5002\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-deployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5632\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5632\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce KeyVault diagnostic log storage (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"elperetest\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('elpere', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d0d9349d-843c-443a-9f27-5ce84f08c37e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d0d9349d-843c-443a-9f27-5ce84f08c37e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere template paramters function tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"testing strange array behavior\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"contains\": \"lmao\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"String\"\r\n },\r\n \"dataDisks\": {\r\n \"type\": \"object\"\r\n },\r\n \"osDisk\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmVar\": \"[parameters('vmName')]\",\r\n \"dataDisksVar\": \"[parameters('dataDisks')]\"\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vmNameOut\": {\r\n \"value\": \"[variables('vmVar')]\",\r\n \"type\": \"String\"\r\n },\r\n \"dataDisksOut\": {\r\n \"value\": \"[concat(array(parameters('osDisk')), if(empty(parameters('dataDisks').rawValue), parameters('dataDisks').emptyArray, array(parameters('dataDisks').rawValue)))]\",\r\n \"type\": \"array\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"dataDisks\": {\r\n \"value\": {\r\n \"rawValue\": \"[field('Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.id')]\",\r\n \"emptyArray\": []\r\n }\r\n },\r\n \"osDisk\": {\r\n \"value\": \"[field('Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.id')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d2532053-bf59-4095-a1ae-2b7e4744f119\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d2532053-bf59-4095-a1ae-2b7e4744f119\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Access KV as part of remidiation deployment test (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"hello\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"outputs\": {\r\n \"testSecretOutput\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('testSecret')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"reference\": {\r\n \"keyVault\": {\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/elpere/providers/Microsoft.KeyVault/vaults/elpereKv\"\r\n },\r\n \"secretName\": \"test\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d35ce9be-f51b-4d3e-bc7f-dde2936381b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d35ce9be-f51b-4d3e-bc7f-dde2936381b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - inv\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"inv \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"functionId\": \"subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourcegroups/AKif2WebApp/providers/Microsoft.Logic/workflows/deneme\",\r\n \"payload\": {\r\n \"locations\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d54722e7-4665-47ce-9a82-2f96cebfe238\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d54722e7-4665-47ce-9a82-2f96cebfe238\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - incident - gardner\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"name\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"text\": {\r\n \"type\": \"string\",\r\n \"value\": \"Policy executed for resource [parameters('name')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"name\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d54722e7-4665-47ce-9a82-2f96cebfe353\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d54722e7-4665-47ce-9a82-2f96cebfe353\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs (NSG level)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Overwrites security rules with IP restrictions at the NSG level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges may overlap.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"getNsgDeploymentName\": \"[concat('getNSGContent-', parameters('nsgName'))]\",\r\n \"collectorDeploymentName\": \"[concat('collectRules-', parameters('nsgName'))]\",\r\n \"overwriteNsgDeploymentName\": \"[concat('overwriteNsg-', parameters('nsgName'))]\",\r\n \"nsgResourceId\": \"[resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"nsgProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('nsgResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectorDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_collectRules_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"nsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"portRangesToRestrict\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_overwriteNSG_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"originalNsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"updatedSecurityRules\": {\r\n \"value\": \"[reference(variables('collectorDeploymentName')).outputs.updatedSecurityRules.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d7b13c30-e6aa-47e1-b50a-8e33f152d086\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7126\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e712b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7130\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7135\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e713a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Audited skus\",\r\n \"description\": \"The list of skus.\",\r\n \"strongType\": \"storageSkus\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e90ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e90ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List Of Allowed SKUs\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"vmSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e9170\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e9170\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[elpere] deployIfNotExists Runners test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"deployIfNotExistsTestsRule\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/deployIfNotExistsTestsRule')]\",\r\n \"properties\": {\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbfa9fc0-5202-4001-8759-1aa2387f825b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"allowedOS\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"test_sandipsh\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedWindows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Windows VMs\",\r\n \"description\": \"The list of allowed VMs for Windows.\"\r\n }\r\n },\r\n \"listOfAllowedUbuntus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Ubuntu VMs\",\r\n \"description\": \"The list of allowed VMs for Ubuntu.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/disks\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"Canonical\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"UbuntuServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedUbuntus')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedWindows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services backup policies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"policies\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policies\",\r\n \"description\": \"The list of allowed Recovery Services backup policies.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n },\r\n \"policy\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policy\",\r\n \"description\": \"Allowed Recovery Services backup policy.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('policies')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('policy')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e3f9a624-b17d-4dc8-9649-65814d3241bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3f9a624-b17d-4dc8-9649-65814d3241bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"authSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their logs config\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"logs\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny changing sites authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"defaultValue: all parameters\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"defaultValue\"\r\n },\r\n \"parameters\": {\r\n \"locations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array)\",\r\n \"description\": \"The list of locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": [\r\n \"eastus\",\r\n \"westus\"\r\n ]\r\n },\r\n \"location\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string)\",\r\n \"description\": \"The location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"resourceGroups\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array)\",\r\n \"description\": \"The list of resource groups.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": [\r\n \"camarvin\"\r\n ]\r\n },\r\n \"resourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string)\",\r\n \"description\": \"The resource group.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": \"camarvin\"\r\n },\r\n \"tags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array)\",\r\n \"description\": \"The list of tags.\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"tag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string)\",\r\n \"description\": \"The tag.\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array, av)\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": [\r\n \"eastus\"\r\n ]\r\n },\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string, av)\",\r\n \"description\": \"The allowed location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"allowedStorageSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array, av)\",\r\n \"description\": \"The list of allowed storage SKUs for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ]\r\n },\r\n \"allowedStorageSKU\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string, av)\",\r\n \"description\": \"The allowed storage SKU for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": \"Standard_LRS\"\r\n },\r\n \"allowedTags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array, av)\",\r\n \"description\": \"The list of allowed tags.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ]\r\n },\r\n \"allowedTag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string, av)\",\r\n \"description\": \"The allowed tag.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": \"FirstName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('locations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('resourceGroups')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('resourceGroup')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('tags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('tag')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedStorageSkus')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"Equals\": \"[parameters('allowedStorageSku')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedTags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"NotEquals\": \"[parameters('allowedTag')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ea1688b3-022e-4add-af39-2fe60689a3b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny \\\"Allow All\\\" NSG rules\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies the creation of sourceAddressPrefix=\\\"*\\\", destinationPortRange=\\\"*\\\" NSG security rules\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"PortLockdown_AllowAll\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"notEquals\": \"4000\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github264\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/siteAuthSettings.enabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ef00ee9d-fe45-4d14-8bee-789eea392116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef00ee9d-fe45-4d14-8bee-789eea392116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhTestTagWithHyphen5\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"GokmenhTestTagWithHyphen5\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"value\": \"[resourceGroup().tags['Hyphen-test']]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/f2320be5-23be-4b58-8d8e-08c3044dd60f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f2320be5-23be-4b58-8d8e-08c3044dd60f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy enables you to audit your location.\",\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/LocationAuditDefinition\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"LocationAuditDefinition\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"northeurope\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/policy2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"policy2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps6386\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps6386\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9652\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9652\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9867\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9867\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test policy\",\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testSandipsh.draft\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testSandipsh.draft\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testtest\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"testtest\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testtest\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testtest\"\r\n }\r\n ]\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wMDE1ZWE0ZC01MWZmLTRjZTMtOGQ4Yy1mM2Y4ZjAxNzlhNTY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:4f4d73a3-fc01-435c-9859-d77c4be266e9" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "a4ecefcf-e525-428d-bd8e-f9feef6e2ab3" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204137Z:a4ecefcf-e525-428d-bd8e-f9feef6e2ab3" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:36 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wMDE1ZWE0ZC01MWZmLTRjZTMtOGQ4Yy1mM2Y4ZjAxNzlhNTY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-correlation-request-id": [ + "b86d88b5-9dc9-4e5f-a947-d36d70cee5ed" + ], + "x-ms-request-id": [ + "westus2:9d99b53e-4406-4cf4-beb1-8d0fb6f29152" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204137Z:b86d88b5-9dc9-4e5f-a947-d36d70cee5ed" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:37 GMT" + ], + "Content-Length": [ + "796" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wMDE4MDJkMS00OTY5LTRjODItYTcwMC1jMjljNmM2ZjliYmQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:f8ebc58c-53d0-4d33-913d-2fcce3fc3ce2" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "1e0b936f-1f89-4bc3-9c49-6c224c280647" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204137Z:1e0b936f-1f89-4bc3-9c49-6c224c280647" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:37 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '001802d1-4969-4c82-a700-c29c6c6f9bbd' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wMDE4MDJkMS00OTY5LTRjODItYTcwMC1jMjljNmM2ZjliYmQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11999" + ], + "x-ms-request-id": [ + "westus2:cad7dc82-3b2c-4f4b-9d26-81cf9e753b06" + ], + "x-ms-correlation-request-id": [ + "a34fda67-2d11-4ee3-a254-62f57a9aa03e" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204137Z:a34fda67-2d11-4ee3-a254-62f57a9aa03e" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:36 GMT" + ], + "Content-Length": [ + "1266" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/053d3325-282c-4e5c-b944-24faffd30d77?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wNTNkMzMyNS0yODJjLTRlNWMtYjk0NC0yNGZhZmZkMzBkNzc/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:2e595850-c3ee-4316-b58b-f4e2b3d70f89" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "1475518d-a05e-4882-b6e9-fe01cc77ae12" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204137Z:1475518d-a05e-4882-b6e9-fe01cc77ae12" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:37 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '053d3325-282c-4e5c-b944-24faffd30d77' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/053d3325-282c-4e5c-b944-24faffd30d77?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wNTNkMzMyNS0yODJjLTRlNWMtYjk0NC0yNGZhZmZkMzBkNzc/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:d261d470-d4d3-44c6-af26-baf74b93d7b9" + ], + "x-ms-correlation-request-id": [ + "45cae128-d6b9-4908-9dc8-7a91ea78c9d2" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204137Z:45cae128-d6b9-4908-9dc8-7a91ea78c9d2" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:37 GMT" + ], + "Content-Length": [ + "4930" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wNTdlZjI3ZS02NjVlLTQzMjgtOGVhMy0wNGIzMTIyYmQ5ZmI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:4e203b5c-48c4-4e4d-9268-877b863d59bc" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "c95f8c2d-01fe-4b17-9d44-6f0b176b78cc" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204138Z:c95f8c2d-01fe-4b17-9d44-6f0b176b78cc" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:37 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '057ef27e-665e-4328-8ea3-04b3122bd9fb' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wNTdlZjI3ZS02NjVlLTQzMjgtOGVhMy0wNGIzMTIyYmQ5ZmI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:ae544529-33fd-4939-8669-df7c29d6c0dc" + ], + "x-ms-correlation-request-id": [ + "2e342eb8-373f-4f23-9e88-ccdd263dfb80" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204138Z:2e342eb8-373f-4f23-9e88-ccdd263dfb80" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:37 GMT" + ], + "Content-Length": [ + "1410" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a12?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wNmE3OGUyMC05MzU4LTQxYzktOTIzYy1mYjczNmQzODJhMTI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:1ca3d06e-6348-4eca-acaa-154633960e94" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "a1cfe35e-32a5-4ec1-89f7-7ae0b13d796b" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204138Z:a1cfe35e-32a5-4ec1-89f7-7ae0b13d796b" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:37 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '06a78e20-9358-41c9-923c-fb736d382a12' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a12?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wNmE3OGUyMC05MzU4LTQxYzktOTIzYy1mYjczNmQzODJhMTI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:3b00fcba-9d2b-4dd5-b1fc-0c1f3b7993de" + ], + "x-ms-correlation-request-id": [ + "4a0ba76d-b0c3-45d8-879d-19acd15d363f" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204138Z:4a0ba76d-b0c3-45d8-879d-19acd15d363f" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:38 GMT" + ], + "Content-Length": [ + "902" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wNmE3OGUyMC05MzU4LTQxYzktOTIzYy1mYjczNmQzODJhNGQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:54a3acfe-a089-48e4-9627-ce0d20c88137" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "4be76110-34e9-4256-83a3-158a9b8c9e13" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204138Z:4be76110-34e9-4256-83a3-158a9b8c9e13" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:38 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '06a78e20-9358-41c9-923c-fb736d382a4d' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wNmE3OGUyMC05MzU4LTQxYzktOTIzYy1mYjczNmQzODJhNGQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:3e107453-f3d5-48d6-aadd-ae26b1dbe846" + ], + "x-ms-correlation-request-id": [ + "07b9438d-89f3-4f59-b917-7fe971d169ed" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204138Z:07b9438d-89f3-4f59-b917-7fe971d169ed" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:38 GMT" + ], + "Content-Length": [ + "897" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wODIwYjdiOS0yM2FhLTQ3MjUtYTFjZS1hZTQ1NThmNzE4ZTU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:52a4bfb8-cd77-47fc-b26b-7e1c3e508e9d" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "7ee32340-1956-41f2-805a-99a0e79a7455" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204138Z:7ee32340-1956-41f2-805a-99a0e79a7455" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:38 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '0820b7b9-23aa-4725-a1ce-ae4558f718e5' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wODIwYjdiOS0yM2FhLTQ3MjUtYTFjZS1hZTQ1NThmNzE4ZTU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:c1bdc4a4-7207-48b3-9041-a0cc2bf0e5aa" + ], + "x-ms-correlation-request-id": [ + "6fcd7e3c-a20a-4ec9-a5c5-844c0ba89edb" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204138Z:6fcd7e3c-a20a-4ec9-a5c5-844c0ba89edb" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:38 GMT" + ], + "Content-Length": [ + "1294" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wODY4NDYyZS02NDZjLTRmZTMtOWNlZC1hNzMzNTM0YjZhMmM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:9f2883d4-e676-484f-a4ef-499b7cdddfae" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11993" + ], + "x-ms-correlation-request-id": [ + "fe17df97-a1b5-4e56-bbf8-9e4b6a77cfd8" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204138Z:fe17df97-a1b5-4e56-bbf8-9e4b6a77cfd8" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:38 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '0868462e-646c-4fe3-9ced-a733534b6a2c' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wODY4NDYyZS02NDZjLTRmZTMtOWNlZC1hNzMzNTM0YjZhMmM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-correlation-request-id": [ + "6189094b-7dd5-4ca7-923a-e2b4a16cd4a8" + ], + "x-ms-request-id": [ + "westus2:93956768-fbc3-4575-9095-162ac2c8e5c0" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11999" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204138Z:6189094b-7dd5-4ca7-923a-e2b4a16cd4a8" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:38 GMT" + ], + "Content-Length": [ + "5553" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/08b17839-76c6-4015-90e0-33d9d54d219c?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wOGIxNzgzOS03NmM2LTQwMTUtOTBlMC0zM2Q5ZDU0ZDIxOWM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:9ad8e4c6-c672-49cd-a7b4-c2fd32804330" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "7c55d750-9d88-4a1a-a9c1-e6fa89571aec" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204139Z:7c55d750-9d88-4a1a-a9c1-e6fa89571aec" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:38 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '08b17839-76c6-4015-90e0-33d9d54d219c' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/08b17839-76c6-4015-90e0-33d9d54d219c?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wOGIxNzgzOS03NmM2LTQwMTUtOTBlMC0zM2Q5ZDU0ZDIxOWM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:db4e5d85-a721-4517-84b7-115ff2959acd" + ], + "x-ms-correlation-request-id": [ + "6e01780e-9a38-4864-a1db-b618012ef04f" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204139Z:6e01780e-9a38-4864-a1db-b618012ef04f" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:39 GMT" + ], + "Content-Length": [ + "1291" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wOTAyNGNjYy0wYzVmLTQ3NWUtOTQ1Ny1iN2MwZDllZDQ4N2I/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:c881da01-c708-47e9-897b-239d77ae7db8" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "ac0477f9-a60b-49b2-ac8a-ac4499313451" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204139Z:ac0477f9-a60b-49b2-ac8a-ac4499313451" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:39 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '09024ccc-0c5f-475e-9457-b7c0d9ed487b' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wOTAyNGNjYy0wYzVmLTQ3NWUtOTQ1Ny1iN2MwZDllZDQ4N2I/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:fd1445ff-8685-43ae-abec-d09b1f3ce287" + ], + "x-ms-correlation-request-id": [ + "089cb048-76a8-415e-afa4-f16c843d818e" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204139Z:089cb048-76a8-415e-afa4-f16c843d818e" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:39 GMT" + ], + "Content-Length": [ + "1092" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/0961003e-5a0a-4549-abde-af6a37f2724d?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wOTYxMDAzZS01YTBhLTQ1NDktYWJkZS1hZjZhMzdmMjcyNGQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:c802282c-2be9-478d-be9d-365b9e2c7324" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "69f1911d-4ee2-442e-97bc-977c03f8426c" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204139Z:69f1911d-4ee2-442e-97bc-977c03f8426c" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:38 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '0961003e-5a0a-4549-abde-af6a37f2724d' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/0961003e-5a0a-4549-abde-af6a37f2724d?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wOTYxMDAzZS01YTBhLTQ1NDktYWJkZS1hZjZhMzdmMjcyNGQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-correlation-request-id": [ + "b9397352-b87e-496b-866d-664aff1693f9" + ], + "x-ms-request-id": [ + "westus2:b364eecb-9edc-4392-baec-dc180b403313" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11999" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204139Z:b9397352-b87e-496b-866d-664aff1693f9" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:38 GMT" + ], + "Content-Length": [ + "1070" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/0a914e76-4921-4c19-b460-a2d36003525a?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wYTkxNGU3Ni00OTIxLTRjMTktYjQ2MC1hMmQzNjAwMzUyNWE/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:ca890c2c-90b8-4879-93f9-2f0121f367ec" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "512effe9-b668-4c93-b1cb-2f39dd252a4a" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204139Z:512effe9-b668-4c93-b1cb-2f39dd252a4a" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:39 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '0a914e76-4921-4c19-b460-a2d36003525a' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/0a914e76-4921-4c19-b460-a2d36003525a?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wYTkxNGU3Ni00OTIxLTRjMTktYjQ2MC1hMmQzNjAwMzUyNWE/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11999" + ], + "x-ms-request-id": [ + "westus2:f05efd00-386f-40d3-9f1b-c7d1895cfebd" + ], + "x-ms-correlation-request-id": [ + "8441c7a6-de36-4af2-8752-9ef98302cfe6" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204139Z:8441c7a6-de36-4af2-8752-9ef98302cfe6" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:38 GMT" + ], + "Content-Length": [ + "556" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wZTYwYjg5NS0zNzg2LTQ1ZGEtODM3Ny05YzZiNGI2YWM1Zjk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:7066210f-6cc3-4d4f-9684-a535a9725d54" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "acf00585-394d-480a-bef5-d4afa3f991ae" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204139Z:acf00585-394d-480a-bef5-d4afa3f991ae" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:39 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '0e60b895-3786-45da-8377-9c6b4b6ac5f9' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8wZTYwYjg5NS0zNzg2LTQ1ZGEtODM3Ny05YzZiNGI2YWM1Zjk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11995" + ], + "x-ms-request-id": [ + "westus2:a47dfd62-3f12-4aa6-b172-d5d732002d6c" + ], + "x-ms-correlation-request-id": [ + "663ec411-91b2-498c-aa58-cf4ad8c9824d" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204139Z:663ec411-91b2-498c-aa58-cf4ad8c9824d" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:39 GMT" + ], + "Content-Length": [ + "1240" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8xMWFjNzhlMy0zMWJjLTRmMGMtODQzNC0zN2FiOTYzY2VhMDc/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:aca1baca-fdb9-47f3-8b37-09af02624fdd" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11995" + ], + "x-ms-correlation-request-id": [ + "efd3ce7f-b106-4abd-8944-4a03eb2e54fe" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204140Z:efd3ce7f-b106-4abd-8944-4a03eb2e54fe" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:39 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '11ac78e3-31bc-4f0c-8434-37ab963cea07' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8xMWFjNzhlMy0zMWJjLTRmMGMtODQzNC0zN2FiOTYzY2VhMDc/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:4c58fc92-b0e7-48c8-90a0-1f84910c1d9d" + ], + "x-ms-correlation-request-id": [ + "382ddf42-6adb-4778-8228-420cd64efcf3" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204140Z:382ddf42-6adb-4778-8228-420cd64efcf3" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:39 GMT" + ], + "Content-Length": [ + "5357" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8xMmY3ZTVkMC00MmE3LTQ2MzAtODBkOC01NGZiN2NmZjliZDY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:600e08b8-b315-4ff3-9c01-ebaa022ef50a" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "a43d5ef1-556c-4940-a461-be9fa73ec5c8" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204140Z:a43d5ef1-556c-4940-a461-be9fa73ec5c8" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:40 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '12f7e5d0-42a7-4630-80d8-54fb7cff9bd6' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8xMmY3ZTVkMC00MmE3LTQ2MzAtODBkOC01NGZiN2NmZjliZDY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:6ff079fa-0ac0-4235-afe5-0bc2892c448b" + ], + "x-ms-correlation-request-id": [ + "ec17e781-761c-4757-bbcd-8a30d4f1042c" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204140Z:ec17e781-761c-4757-bbcd-8a30d4f1042c" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:39 GMT" + ], + "Content-Length": [ + "4075" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/16390df4-2f73-4b42-af13-c801066763df?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8xNjM5MGRmNC0yZjczLTRiNDItYWYxMy1jODAxMDY2NzYzZGY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:43731273-ceaa-4877-9642-4de8a5d9175e" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "75a8e671-4a53-44b6-a866-31f407d46c62" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204140Z:75a8e671-4a53-44b6-a866-31f407d46c62" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:40 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '16390df4-2f73-4b42-af13-c801066763df' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/16390df4-2f73-4b42-af13-c801066763df?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8xNjM5MGRmNC0yZjczLTRiNDItYWYxMy1jODAxMDY2NzYzZGY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11999" + ], + "x-ms-request-id": [ + "westus2:e611c192-ea42-4d35-bfaa-5fe5c7fb7509" + ], + "x-ms-correlation-request-id": [ + "5985bbf4-f4bf-4c30-b0e9-8c3c15ade50f" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204140Z:5985bbf4-f4bf-4c30-b0e9-8c3c15ade50f" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:40 GMT" + ], + "Content-Length": [ + "3162" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/17k78e20-9358-41c9-923c-fb736d382a12?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8xN2s3OGUyMC05MzU4LTQxYzktOTIzYy1mYjczNmQzODJhMTI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:48e8794a-63cc-48c7-9868-da7ea9f6632d" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "f3cabc1b-123f-47d8-8c1c-a00bf061a590" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204141Z:f3cabc1b-123f-47d8-8c1c-a00bf061a590" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:40 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '17k78e20-9358-41c9-923c-fb736d382a12' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/17k78e20-9358-41c9-923c-fb736d382a12?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8xN2s3OGUyMC05MzU4LTQxYzktOTIzYy1mYjczNmQzODJhMTI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:d26b4038-21bc-43db-86c1-d5eb720fcdb9" + ], + "x-ms-correlation-request-id": [ + "382f6b73-4ac2-4583-97ed-23ebef886643" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204141Z:382f6b73-4ac2-4583-97ed-23ebef886643" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:41 GMT" + ], + "Content-Length": [ + "1014" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/1c210e94-a481-4beb-95fa-1571b434fb04?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8xYzIxMGU5NC1hNDgxLTRiZWItOTVmYS0xNTcxYjQzNGZiMDQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:85148d48-bc02-4113-90a7-dbdf0dbf6f0c" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11994" + ], + "x-ms-correlation-request-id": [ + "b4e9e5a8-a470-4df9-a7b8-c4594c8f19de" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204141Z:b4e9e5a8-a470-4df9-a7b8-c4594c8f19de" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:41 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '1c210e94-a481-4beb-95fa-1571b434fb04' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/1c210e94-a481-4beb-95fa-1571b434fb04?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8xYzIxMGU5NC1hNDgxLTRiZWItOTVmYS0xNTcxYjQzNGZiMDQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:8e4dcea3-7261-4999-95db-7eca94fecba8" + ], + "x-ms-correlation-request-id": [ + "86143580-ed5e-4c0c-95e4-e2c8d783ca4e" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204141Z:86143580-ed5e-4c0c-95e4-e2c8d783ca4e" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:40 GMT" + ], + "Content-Length": [ + "4871" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8xZDg0ZDVmYi0wMWY2LTRkMTItYmE0Zi00YTI2MDgxZDQwM2Q/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:49f70228-41ab-44b8-b876-444a3bf588bd" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "694032d2-5487-4c56-9cc5-3c78690bfd75" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204141Z:694032d2-5487-4c56-9cc5-3c78690bfd75" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:41 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '1d84d5fb-01f6-4d12-ba4f-4a26081d403d' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8xZDg0ZDVmYi0wMWY2LTRkMTItYmE0Zi00YTI2MDgxZDQwM2Q/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:3017b7d0-2b12-4b70-bcdd-3e92fa38c71d" + ], + "x-ms-correlation-request-id": [ + "3af5b4e0-4422-4b8f-9234-0ca74996e4db" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204141Z:3af5b4e0-4422-4b8f-9234-0ca74996e4db" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:40 GMT" + ], + "Content-Length": [ + "1035" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8xZGU3YjExZC0xODcwLTQxYTUtODE4MS01MDdlN2M2NjNjZmI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:8eb6bec8-8ef9-4f25-8408-b03f41a51a6d" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "23afd0d4-440e-4059-9e42-cdf6498fbc82" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204141Z:23afd0d4-440e-4059-9e42-cdf6498fbc82" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:41 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '1de7b11d-1870-41a5-8181-507e7c663cfb' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8xZGU3YjExZC0xODcwLTQxYTUtODE4MS01MDdlN2M2NjNjZmI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:90713ff4-14cc-4c16-bed9-82d9dd4b142d" + ], + "x-ms-correlation-request-id": [ + "a5bbf685-8b97-4a94-9ce5-bc27cd9f264c" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204141Z:a5bbf685-8b97-4a94-9ce5-bc27cd9f264c" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:41 GMT" + ], + "Content-Length": [ + "1220" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8xZTMwMTEwYS01Y2ViLTQ2MGMtYTIwNC1jMWMzOTY5YzZkNjI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:73ee6bf1-176f-4d96-9e31-a2da20e9eaa3" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11994" + ], + "x-ms-correlation-request-id": [ + "d044db0b-85ee-49b5-b598-2e2586a1a407" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204141Z:d044db0b-85ee-49b5-b598-2e2586a1a407" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:41 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '1e30110a-5ceb-460c-a204-c1c3969c6d62' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8xZTMwMTEwYS01Y2ViLTQ2MGMtYTIwNC1jMWMzOTY5YzZkNjI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:f82ae3fb-7a41-41dc-a054-93be138adef8" + ], + "x-ms-correlation-request-id": [ + "81ad1680-4f96-4a71-948f-7b4320e6792d" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204142Z:81ad1680-4f96-4a71-948f-7b4320e6792d" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:41 GMT" + ], + "Content-Length": [ + "805" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8xZjMxNDc2NC1jYjczLTRmYzktYjg2My04ZWNhOThhYzM2ZTk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:fbe074fc-7b98-4491-ad52-98394c289381" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "0a543465-dc9f-4088-8f96-0295f2c827a5" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204142Z:0a543465-dc9f-4088-8f96-0295f2c827a5" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:41 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '1f314764-cb73-4fc9-b863-8eca98ac36e9' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8xZjMxNDc2NC1jYjczLTRmYzktYjg2My04ZWNhOThhYzM2ZTk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11995" + ], + "x-ms-request-id": [ + "westus2:7437e15d-8eb4-4b78-9f61-62e890475c46" + ], + "x-ms-correlation-request-id": [ + "9aa788ab-b582-40db-b6b3-aeee0dd17ef8" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204142Z:9aa788ab-b582-40db-b6b3-aeee0dd17ef8" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:41 GMT" + ], + "Content-Length": [ + "1047" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8yMDFlYTU4Ny03YzkwLTQxYzMtOTEwZi1jMjgwYWUwMWNmZDY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:63d4cc90-5b2c-422e-8650-7b175c029c02" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "413e4d3f-5e0a-429a-b23b-d0be3aa70299" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204142Z:413e4d3f-5e0a-429a-b23b-d0be3aa70299" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:41 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '201ea587-7c90-41c3-910f-c280ae01cfd6' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8yMDFlYTU4Ny03YzkwLTQxYzMtOTEwZi1jMjgwYWUwMWNmZDY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11994" + ], + "x-ms-request-id": [ + "westus2:6f847e78-f476-4ff7-b66e-cbfeaa1d5a3f" + ], + "x-ms-correlation-request-id": [ + "b6ce9db9-310e-4547-893a-4351b08b7fa8" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204142Z:b6ce9db9-310e-4547-893a-4351b08b7fa8" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:42 GMT" + ], + "Content-Length": [ + "1191" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8yMjRkYTlmZS0wZDM4LTRlNzktYWRiMy0wYTZlMmFmOTQyYWM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:8ff9e199-8e68-41f2-9a65-c47148703c70" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "328bce17-f892-4104-997f-b9cd3be8e10a" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204142Z:328bce17-f892-4104-997f-b9cd3be8e10a" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:41 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '224da9fe-0d38-4e79-adb3-0a6e2af942ac' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8yMjRkYTlmZS0wZDM4LTRlNzktYWRiMy0wYTZlMmFmOTQyYWM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11993" + ], + "x-ms-request-id": [ + "westus2:58f8b538-5b9d-4f98-878d-e127ee740224" + ], + "x-ms-correlation-request-id": [ + "5f47c013-ffe7-4dc5-92d1-b0806ac56875" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204142Z:5f47c013-ffe7-4dc5-92d1-b0806ac56875" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:42 GMT" + ], + "Content-Length": [ + "1157" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8yMmJlZTIwMi1hODJmLTQzMDUtOWEyYS02ZDdmNDRkNGRlZGI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:26df7fd6-dc35-49fd-8e1d-c8fcc6b168a5" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11992" + ], + "x-ms-correlation-request-id": [ + "6c193914-3434-4921-9e14-2d5fbcf1bc2f" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204142Z:6c193914-3434-4921-9e14-2d5fbcf1bc2f" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:41 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '22bee202-a82f-4305-9a2a-6d7f44d4dedb' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8yMmJlZTIwMi1hODJmLTQzMDUtOWEyYS02ZDdmNDRkNGRlZGI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:7c29ce5f-a746-4949-b7ac-227789548b5b" + ], + "x-ms-correlation-request-id": [ + "258e3167-1bb2-4543-b1b4-0c750ef0b555" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204142Z:258e3167-1bb2-4543-b1b4-0c750ef0b555" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:42 GMT" + ], + "Content-Length": [ + "1027" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/23020aa6-1135-4be2-bae2-149982b06eca?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8yMzAyMGFhNi0xMTM1LTRiZTItYmFlMi0xNDk5ODJiMDZlY2E/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:f9bb5a6e-4486-4842-906e-4bafa3f50aeb" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "88d3f298-eae7-4cc1-8664-9c48f61dd664" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204142Z:88d3f298-eae7-4cc1-8664-9c48f61dd664" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:42 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '23020aa6-1135-4be2-bae2-149982b06eca' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/23020aa6-1135-4be2-bae2-149982b06eca?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8yMzAyMGFhNi0xMTM1LTRiZTItYmFlMi0xNDk5ODJiMDZlY2E/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11999" + ], + "x-ms-request-id": [ + "westus2:4b7725c3-bc31-4d56-9924-b27cfe9ede13" + ], + "x-ms-correlation-request-id": [ + "7c69d524-d07b-4504-b496-ced6ac688318" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204142Z:7c69d524-d07b-4504-b496-ced6ac688318" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:42 GMT" + ], + "Content-Length": [ + "3172" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8yNGRkZTk2ZC1mMGIxLTQyNWUtODg0Zi00YTE0MjFlMmRjZGM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:833a2e78-4af6-4f90-80c2-3bf736640044" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "0c072033-0c4d-4c2b-a9d3-496e472b59d4" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204143Z:0c072033-0c4d-4c2b-a9d3-496e472b59d4" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:42 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '24dde96d-f0b1-425e-884f-4a1421e2dcdc' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8yNGRkZTk2ZC1mMGIxLTQyNWUtODg0Zi00YTE0MjFlMmRjZGM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:54cfa37d-55e1-4237-915f-71af70cd5652" + ], + "x-ms-correlation-request-id": [ + "66eb6597-9707-4f7d-b365-bcc0da4b6e27" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204143Z:66eb6597-9707-4f7d-b365-bcc0da4b6e27" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:42 GMT" + ], + "Content-Length": [ + "1361" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8yNmVlNjdhMi1mODFhLTRiYTgtYjljZS04NTUwYmQ1ZWUxYTc/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:0d09804d-33ea-4b07-8ea6-187ac68c7863" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "6173bf29-3180-49d0-ba48-13066b8614ca" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204143Z:6173bf29-3180-49d0-ba48-13066b8614ca" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:43 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8yNmVlNjdhMi1mODFhLTRiYTgtYjljZS04NTUwYmQ1ZWUxYTc/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:e86a11fd-80dd-4229-a803-bd4865be0ec2" + ], + "x-ms-correlation-request-id": [ + "f2f46393-9b50-495a-a1dc-7dc9e3befd03" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204143Z:f2f46393-9b50-495a-a1dc-7dc9e3befd03" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:42 GMT" + ], + "Content-Length": [ + "1491" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/2835b622-407b-4114-9198-6f7064cbe0dc?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8yODM1YjYyMi00MDdiLTQxMTQtOTE5OC02ZjcwNjRjYmUwZGM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:e7f1cf8c-457a-4bb8-9586-821406f4817f" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11995" + ], + "x-ms-correlation-request-id": [ + "2b4b49b2-4a3d-4616-b452-7608b3b6fdf5" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204143Z:2b4b49b2-4a3d-4616-b452-7608b3b6fdf5" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:42 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '2835b622-407b-4114-9198-6f7064cbe0dc' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/2835b622-407b-4114-9198-6f7064cbe0dc?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8yODM1YjYyMi00MDdiLTQxMTQtOTE5OC02ZjcwNjRjYmUwZGM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11995" + ], + "x-ms-request-id": [ + "westus2:0c0a7803-af1c-4837-bedf-05ac54d9b737" + ], + "x-ms-correlation-request-id": [ + "70467b51-8506-4bdf-98b3-4ea5623ddbaf" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204143Z:70467b51-8506-4bdf-98b3-4ea5623ddbaf" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:43 GMT" + ], + "Content-Length": [ + "4287" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8yYTBlMTRhNi1iMGE2LTRmYWItOTkxYS0xODdhNGY4MWM0OTg/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:ef1b07ce-1eb9-4104-a1dd-a3268e901019" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11993" + ], + "x-ms-correlation-request-id": [ + "d04557b9-7d1c-495c-9bb8-c6fdbbc22295" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204143Z:d04557b9-7d1c-495c-9bb8-c6fdbbc22295" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:43 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '2a0e14a6-b0a6-4fab-991a-187a4f81c498' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8yYTBlMTRhNi1iMGE2LTRmYWItOTkxYS0xODdhNGY4MWM0OTg/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:e1f2727f-094f-4ca7-a37c-28ce335a41cc" + ], + "x-ms-correlation-request-id": [ + "c7b91be7-628c-4ea9-a4dd-d9b7096117a1" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204143Z:c7b91be7-628c-4ea9-a4dd-d9b7096117a1" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:43 GMT" + ], + "Content-Length": [ + "933" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8yZDYwZDNiNy1hYTEwLTQ1NGMtODhhOC1kZTM5ZDk5ZDE3YzY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:1aa1009b-cd69-4841-9d31-749889df4c2d" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "df1fbdce-1f4e-4ee9-b5c0-8295782e87d8" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204144Z:df1fbdce-1f4e-4ee9-b5c0-8295782e87d8" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:43 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '2d60d3b7-aa10-454c-88a8-de39d99d17c6' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8yZDYwZDNiNy1hYTEwLTQ1NGMtODhhOC1kZTM5ZDk5ZDE3YzY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:20418171-8881-41bb-8eae-acea09f6bc0f" + ], + "x-ms-correlation-request-id": [ + "fc4d73ac-820f-4f88-899f-ab07972cfdf6" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204144Z:fc4d73ac-820f-4f88-899f-ab07972cfdf6" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:43 GMT" + ], + "Content-Length": [ + "1376" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8yZDY3MjIyZC0wNWZkLTQ1MjYtYTE3MS0yZWUxMzJhZDllODM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:b86f3d9b-1436-47d8-9ce3-848b193534f6" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "4b78230a-fdbf-48b7-ab9e-a29c20a6c9ec" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204144Z:4b78230a-fdbf-48b7-ab9e-a29c20a6c9ec" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:43 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '2d67222d-05fd-4526-a171-2ee132ad9e83' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8yZDY3MjIyZC0wNWZkLTQ1MjYtYTE3MS0yZWUxMzJhZDllODM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:e94c8e40-d269-4473-aa22-6555528b9c4e" + ], + "x-ms-correlation-request-id": [ + "0d3e1684-6632-451e-8cd8-74196a1de334" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204144Z:0d3e1684-6632-451e-8cd8-74196a1de334" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:43 GMT" + ], + "Content-Length": [ + "2063" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8yZmRlOGE5OC02ODkyLTQyNmEtODNiYS0wNTBlNjQwYzBjZTA/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:2525ea07-cc46-41b6-b328-6ab5799aaa43" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11993" + ], + "x-ms-correlation-request-id": [ + "8b6510d1-66dc-470a-a5d9-8b6f0b8734db" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204144Z:8b6510d1-66dc-470a-a5d9-8b6f0b8734db" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:43 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '2fde8a98-6892-426a-83ba-050e640c0ce0' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8yZmRlOGE5OC02ODkyLTQyNmEtODNiYS0wNTBlNjQwYzBjZTA/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11999" + ], + "x-ms-request-id": [ + "westus2:584e0a89-5375-42be-ad1d-9700385f2d3b" + ], + "x-ms-correlation-request-id": [ + "0fc9f04b-c928-4f29-9e28-2cad8aac40ec" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204144Z:0fc9f04b-c928-4f29-9e28-2cad8aac40ec" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:44 GMT" + ], + "Content-Length": [ + "1248" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/32133ab0-ee4b-4b44-98d6-042180979d50?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zMjEzM2FiMC1lZTRiLTRiNDQtOThkNi0wNDIxODA5NzlkNTA/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:b59b5c62-bf4a-4e1a-99eb-1f4dcf0c35c8" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "18fc6336-afde-4b15-b87e-2a99e0fb5843" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204144Z:18fc6336-afde-4b15-b87e-2a99e0fb5843" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:44 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '32133ab0-ee4b-4b44-98d6-042180979d50' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/32133ab0-ee4b-4b44-98d6-042180979d50?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zMjEzM2FiMC1lZTRiLTRiNDQtOThkNi0wNDIxODA5NzlkNTA/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11992" + ], + "x-ms-request-id": [ + "westus2:10834671-6375-43cb-8aec-ffca2f866c74" + ], + "x-ms-correlation-request-id": [ + "25452326-6bd8-480b-8ba2-16bdef87462f" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204144Z:25452326-6bd8-480b-8ba2-16bdef87462f" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:44 GMT" + ], + "Content-Length": [ + "5563" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/3470477a-b35a-49db-aca5-1073d04524fe?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zNDcwNDc3YS1iMzVhLTQ5ZGItYWNhNS0xMDczZDA0NTI0ZmU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:980e32ea-0357-42e3-b065-b418d230ba44" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11992" + ], + "x-ms-correlation-request-id": [ + "548f2bfe-f5b9-4a95-8a73-e05cf828f706" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204145Z:548f2bfe-f5b9-4a95-8a73-e05cf828f706" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:45 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '3470477a-b35a-49db-aca5-1073d04524fe' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/3470477a-b35a-49db-aca5-1073d04524fe?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zNDcwNDc3YS1iMzVhLTQ5ZGItYWNhNS0xMDczZDA0NTI0ZmU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:73bed8a5-aed3-4459-9a38-58536fe6c7fe" + ], + "x-ms-correlation-request-id": [ + "7a935c18-b368-4e3f-b032-200171ff9e81" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204145Z:7a935c18-b368-4e3f-b032-200171ff9e81" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:44 GMT" + ], + "Content-Length": [ + "3839" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zNGM4NzdhZC01MDdlLTRjODItOTkzZS0zNDUyYTZlMGFkM2M/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:b938cc97-0b38-4b00-ad48-cc0bf2577dad" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "a39b456c-12f1-4fb9-a3db-d3c4beccec79" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204145Z:a39b456c-12f1-4fb9-a3db-d3c4beccec79" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:45 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '34c877ad-507e-4c82-993e-3452a6e0ad3c' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zNGM4NzdhZC01MDdlLTRjODItOTkzZS0zNDUyYTZlMGFkM2M/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11999" + ], + "x-ms-request-id": [ + "westus2:e3446b7b-87fa-464b-adb2-96635c124d4f" + ], + "x-ms-correlation-request-id": [ + "ada7df4d-a271-4917-83a5-410ee69a795e" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204145Z:ada7df4d-a271-4917-83a5-410ee69a795e" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:44 GMT" + ], + "Content-Length": [ + "1158" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/34f95f76-5386-4de7-b824-0d8478470c9d?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zNGY5NWY3Ni01Mzg2LTRkZTctYjgyNC0wZDg0Nzg0NzBjOWQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:b3ae16a2-038b-499f-bcc8-9028e38e941c" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "ecf4d36f-0d83-4435-ac7f-baf41e0b678a" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204145Z:ecf4d36f-0d83-4435-ac7f-baf41e0b678a" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:45 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '34f95f76-5386-4de7-b824-0d8478470c9d' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/34f95f76-5386-4de7-b824-0d8478470c9d?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zNGY5NWY3Ni01Mzg2LTRkZTctYjgyNC0wZDg0Nzg0NzBjOWQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:d7343942-1b91-4a7b-9331-10b76af7ddbd" + ], + "x-ms-correlation-request-id": [ + "2e1a386c-8de6-4dfb-8448-2a5d4a05fcbc" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204146Z:2e1a386c-8de6-4dfb-8448-2a5d4a05fcbc" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:45 GMT" + ], + "Content-Length": [ + "1393" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/356a906e-05e5-4625-8729-90771e0ee934?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zNTZhOTA2ZS0wNWU1LTQ2MjUtODcyOS05MDc3MWUwZWU5MzQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:65d72545-2a66-4e2a-98b3-421a0193fc37" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "c3f10f6f-656f-4d83-bff6-b009c08bd621" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204146Z:c3f10f6f-656f-4d83-bff6-b009c08bd621" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:45 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '356a906e-05e5-4625-8729-90771e0ee934' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/356a906e-05e5-4625-8729-90771e0ee934?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zNTZhOTA2ZS0wNWU1LTQ2MjUtODcyOS05MDc3MWUwZWU5MzQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:4f5c7f84-94d7-4938-a293-09ffe9f596f1" + ], + "x-ms-correlation-request-id": [ + "d6a98b5c-50c8-4611-ac9e-531712003491" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204146Z:d6a98b5c-50c8-4611-ac9e-531712003491" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:45 GMT" + ], + "Content-Length": [ + "3182" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zNThjMjBhNi0zZjllLTRmMGUtOTdmZi1jNmNlNDg1ZTJhYWM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:32e4ba36-0e8d-4b10-a959-dd3000923515" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "83f6ba41-0f48-4b17-83b2-7f7c35843edc" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204146Z:83f6ba41-0f48-4b17-83b2-7f7c35843edc" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:46 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '358c20a6-3f9e-4f0e-97ff-c6ce485e2aac' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zNThjMjBhNi0zZjllLTRmMGUtOTdmZi1jNmNlNDg1ZTJhYWM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:e34836c6-5d63-4c2b-852d-c81d6474affe" + ], + "x-ms-correlation-request-id": [ + "6a7afb51-ae95-458a-bb58-63e80a40f2bd" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204146Z:6a7afb51-ae95-458a-bb58-63e80a40f2bd" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:45 GMT" + ], + "Content-Length": [ + "1205" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zNjU3ZjVhMC03NzBlLTQ0YTMtYjQ0ZS05NDMxYmExZTk3MzU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:da9e3111-b68e-4379-9cfc-342b3c5e194a" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "ebab2a29-aa35-42eb-9d1e-c4a476bf7411" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204146Z:ebab2a29-aa35-42eb-9d1e-c4a476bf7411" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:46 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '3657f5a0-770e-44a3-b44e-9431ba1e9735' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zNjU3ZjVhMC03NzBlLTQ0YTMtYjQ0ZS05NDMxYmExZTk3MzU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11995" + ], + "x-ms-request-id": [ + "westus2:2b4d66dd-753f-4f6b-9151-f7784b42ce66" + ], + "x-ms-correlation-request-id": [ + "eabf9fb8-0d31-42e5-91ad-f051b50da00f" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204146Z:eabf9fb8-0d31-42e5-91ad-f051b50da00f" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:46 GMT" + ], + "Content-Length": [ + "927" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zNmQ0OWU4Ny00OGM0LTRmMmUtYmVlZC1iYTRlZDAyYjcxZjU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:1b48dae8-8441-4ddb-a5cb-9edf9394a276" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "0e03b79d-d93a-4b3e-9ed2-d7e2cf61cc9d" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204147Z:0e03b79d-d93a-4b3e-9ed2-d7e2cf61cc9d" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:46 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '36d49e87-48c4-4f2e-beed-ba4ed02b71f5' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zNmQ0OWU4Ny00OGM0LTRmMmUtYmVlZC1iYTRlZDAyYjcxZjU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:47050a11-c59d-4387-a3a5-6d6db451105c" + ], + "x-ms-correlation-request-id": [ + "a61e7e20-52b3-41e3-a185-5ca7f555c809" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204147Z:a61e7e20-52b3-41e3-a185-5ca7f555c809" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:47 GMT" + ], + "Content-Length": [ + "1349" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zN2UwZDJmZS0yOGE1LTQzZDYtYTI3My02N2QzN2QxZjU2MDY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:3d7062ee-5651-4a80-9260-bf26341dcef3" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11995" + ], + "x-ms-correlation-request-id": [ + "247c832f-bcfc-466a-b8e1-a33058c27f4a" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204147Z:247c832f-bcfc-466a-b8e1-a33058c27f4a" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:46 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '37e0d2fe-28a5-43d6-a273-67d37d1f5606' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zN2UwZDJmZS0yOGE1LTQzZDYtYTI3My02N2QzN2QxZjU2MDY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:40e8e415-5c78-4797-b833-c070332b02e9" + ], + "x-ms-correlation-request-id": [ + "86b01d04-a5d0-4674-8d47-b614bd3d2742" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204147Z:86b01d04-a5d0-4674-8d47-b614bd3d2742" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:46 GMT" + ], + "Content-Length": [ + "1054" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zODM4NTZmOC1kZTdmLTQ0YTItODFmYy1lNTEzNWI1YzJhYTQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:883729fa-df30-443e-bb78-dac839cb3c28" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "af0eb6cd-8671-4b60-a1ab-b1640b412f99" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204147Z:af0eb6cd-8671-4b60-a1ab-b1640b412f99" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:47 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '383856f8-de7f-44a2-81fc-e5135b5c2aa4' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zODM4NTZmOC1kZTdmLTQ0YTItODFmYy1lNTEzNWI1YzJhYTQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:ebed998b-6755-4009-8ab7-6998a4b9f40e" + ], + "x-ms-correlation-request-id": [ + "50c4ee36-a665-40f2-8153-76159b249b5d" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204147Z:50c4ee36-a665-40f2-8153-76159b249b5d" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:46 GMT" + ], + "Content-Length": [ + "1397" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in IoT Hubs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Internet of Things\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Devices/IotHubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zYmUyMmUzYi1kOTE5LTQ3YWEtODA1ZS04OTg1ZGJlYjBhZDk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:fd1d7b31-7eea-47e2-95df-95b3e0f30376" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "10fc680f-8f3a-4904-9ffe-4fff3dd77661" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204147Z:10fc680f-8f3a-4904-9ffe-4fff3dd77661" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:46 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '3be22e3b-d919-47aa-805e-8985dbeb0ad9' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zYmUyMmUzYi1kOTE5LTQ3YWEtODA1ZS04OTg1ZGJlYjBhZDk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:26c33ba5-8b20-49ef-ba8f-af5e9bc8e6f6" + ], + "x-ms-correlation-request-id": [ + "9fd12ece-f4d5-4abe-9df9-1bc600c73091" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204147Z:9fd12ece-f4d5-4abe-9df9-1bc600c73091" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:47 GMT" + ], + "Content-Length": [ + "5024" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zYzFiMzYyOS1jOGY4LTRiZjYtODYyYy0wMzdjYjkwOTQwMzg/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:a4f46c72-c7aa-4324-bcff-101157aee7c1" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "3204591d-cbea-476e-86d1-423d7676b70b" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204147Z:3204591d-cbea-476e-86d1-423d7676b70b" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:47 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '3c1b3629-c8f8-4bf6-862c-037cb9094038' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zYzFiMzYyOS1jOGY4LTRiZjYtODYyYy0wMzdjYjkwOTQwMzg/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:fea731bd-8b50-40df-9a8e-b7f4a306a39c" + ], + "x-ms-correlation-request-id": [ + "88c1bda6-ce33-48a7-a40c-4a01057529ca" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204147Z:88c1bda6-ce33-48a7-a40c-4a01057529ca" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:47 GMT" + ], + "Content-Length": [ + "5795" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zZDg2NDBmYy02M2Y2LTQ3MzQtOGRjYi1jZmQzZDhjNzhmMzg/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:802a12e2-c421-4dcb-b1be-39a8be8e812c" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "3a39b37e-3327-4a77-adcc-3aeab902681e" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204148Z:3a39b37e-3327-4a77-adcc-3aeab902681e" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:47 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '3d8640fc-63f6-4734-8dcb-cfd3d8c78f38' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zZDg2NDBmYy02M2Y2LTQ3MzQtOGRjYi1jZmQzZDhjNzhmMzg/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:2c42c0e6-f2df-472d-a28e-c6aecc8d7bab" + ], + "x-ms-correlation-request-id": [ + "032543bd-f09a-4812-9859-40d1a19bfe5b" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204148Z:032543bd-f09a-4812-9859-40d1a19bfe5b" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:47 GMT" + ], + "Content-Length": [ + "2759" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zZmUzNzAwMi01ZDAwLTRiMzctYTMwMS1kYTA5ZTNhMGNhNjY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:f3d68af2-e3b6-4723-8b33-29fd40fc850f" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "6e24575d-fb7b-42f8-b954-d2149f256e3e" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204148Z:6e24575d-fb7b-42f8-b954-d2149f256e3e" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:47 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '3fe37002-5d00-4b37-a301-da09e3a0ca66' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy8zZmUzNzAwMi01ZDAwLTRiMzctYTMwMS1kYTA5ZTNhMGNhNjY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:e6381458-3b71-4ac3-be7c-603b15df88b2" + ], + "x-ms-correlation-request-id": [ + "d4a7f976-5736-4fe0-899c-d2d1121be463" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204148Z:d4a7f976-5736-4fe0-899c-d2d1121be463" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:48 GMT" + ], + "Content-Length": [ + "1205" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/404c3081-a854-4457-ae30-26a93ef643f9?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy80MDRjMzA4MS1hODU0LTQ0NTctYWUzMC0yNmE5M2VmNjQzZjk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:b9de2bac-8061-416d-b538-43be5db4b749" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "a81f99c1-67d1-4a14-8e69-37c160049e5d" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204148Z:a81f99c1-67d1-4a14-8e69-37c160049e5d" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:48 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '404c3081-a854-4457-ae30-26a93ef643f9' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/404c3081-a854-4457-ae30-26a93ef643f9?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy80MDRjMzA4MS1hODU0LTQ0NTctYWUzMC0yNmE5M2VmNjQzZjk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:49ba6d6f-46e8-4d08-8995-fbc7fc2c02b4" + ], + "x-ms-correlation-request-id": [ + "5e5ef72b-7805-4cf9-b382-c4f6b645ab6c" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204148Z:5e5ef72b-7805-4cf9-b382-c4f6b645ab6c" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:48 GMT" + ], + "Content-Length": [ + "1161" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/428256e6-1fac-4f48-a757-df34c2b3336d?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy80MjgyNTZlNi0xZmFjLTRmNDgtYTc1Ny1kZjM0YzJiMzMzNmQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:b8fb781c-3d0b-4513-a24e-fa676a675457" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11992" + ], + "x-ms-correlation-request-id": [ + "4f0e1206-a3d9-49e3-94c8-6627f27fc37d" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204148Z:4f0e1206-a3d9-49e3-94c8-6627f27fc37d" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:48 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '428256e6-1fac-4f48-a757-df34c2b3336d' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/428256e6-1fac-4f48-a757-df34c2b3336d?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy80MjgyNTZlNi0xZmFjLTRmNDgtYTc1Ny1kZjM0YzJiMzMzNmQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11995" + ], + "x-ms-request-id": [ + "westus2:44b88196-ee13-46a5-bced-b20b51dec287" + ], + "x-ms-correlation-request-id": [ + "50114f54-01b4-4a3f-b503-994117a2a4cc" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204148Z:50114f54-01b4-4a3f-b503-994117a2a4cc" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:48 GMT" + ], + "Content-Length": [ + "1396" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy80NDQ1MjQ4Mi01MjRmLTRiZjQtYjg1Mi0wYmZmN2NjNGEzZWQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:1f736a5f-a05a-4b16-a784-146d89381bd0" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "927df1ea-cf58-4c71-b2df-b8c670266030" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204149Z:927df1ea-cf58-4c71-b2df-b8c670266030" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:48 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '44452482-524f-4bf4-b852-0bff7cc4a3ed' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy80NDQ1MjQ4Mi01MjRmLTRiZjQtYjg1Mi0wYmZmN2NjNGEzZWQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:ddb9efaa-1769-40a9-80f3-bbb4c8c94fb8" + ], + "x-ms-correlation-request-id": [ + "82f21c4b-6e66-47a9-bc0f-360135bf9c7a" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204149Z:82f21c4b-6e66-47a9-bc0f-360135bf9c7a" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:48 GMT" + ], + "Content-Length": [ + "1140" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy80NjRkYmI4NS0zZDVmLTRhMWQtYmIwOS05NWE5YjVkZDE5Y2Y/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:91fae7a7-0015-434e-87ae-01ecfb83cd68" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "76cf49e8-9a4e-4287-9a14-aa57a873e038" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204149Z:76cf49e8-9a4e-4287-9a14-aa57a873e038" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:48 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy80NjRkYmI4NS0zZDVmLTRhMWQtYmIwOS05NWE5YjVkZDE5Y2Y/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:48624b97-63ae-468c-8abf-bf1bbc294386" + ], + "x-ms-correlation-request-id": [ + "670adb93-d4d3-410c-94ce-4f5a54ea8a6d" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204149Z:670adb93-d4d3-410c-94ce-4f5a54ea8a6d" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:49 GMT" + ], + "Content-Length": [ + "569" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy80NjU0NGQ3Yi0xZjBkLTQ2ZjUtODFkYS01YzEzNTFkZTFiMDY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:17c4581f-0458-4b61-a112-81b06a05209e" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "2b8957a8-e926-4583-bedc-3a3a40823eb1" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204149Z:2b8957a8-e926-4583-bedc-3a3a40823eb1" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:49 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '46544d7b-1f0d-46f5-81da-5c1351de1b06' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy80NjU0NGQ3Yi0xZjBkLTQ2ZjUtODFkYS01YzEzNTFkZTFiMDY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:6895405a-b411-4044-b420-8a29cc345c94" + ], + "x-ms-correlation-request-id": [ + "7282a0ba-ab74-407e-b297-a85f6e6d2144" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204149Z:7282a0ba-ab74-407e-b297-a85f6e6d2144" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:48 GMT" + ], + "Content-Length": [ + "1214" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy80NjVmMDE2MS0wMDg3LTQ5MGEtOWFkOS1hZDYyMTdmNGY0M2E/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:2ca8b30c-0aa3-4ca8-b395-0d0435a1e889" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "760838ea-4863-417c-aab5-d3c3004f4bd2" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204149Z:760838ea-4863-417c-aab5-d3c3004f4bd2" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:49 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '465f0161-0087-490a-9ad9-ad6217f4f43a' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy80NjVmMDE2MS0wMDg3LTQ5MGEtOWFkOS1hZDYyMTdmNGY0M2E/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:d9f0eee6-8cb3-4057-a3d8-81ead864697f" + ], + "x-ms-correlation-request-id": [ + "14e63ba3-56fc-4e03-8047-dbfa830242fb" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204149Z:14e63ba3-56fc-4e03-8047-dbfa830242fb" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:48 GMT" + ], + "Content-Length": [ + "934" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy80N2E2YjYwNi01MWFhLTQ0OTYtOGJiNy02NGIxMWNmNjZhZGM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:b7ab1b3f-afa6-4139-95de-e961933e081b" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "610e4922-6f61-42bd-b6ec-0c36ef636c87" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204149Z:610e4922-6f61-42bd-b6ec-0c36ef636c87" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:49 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '47a6b606-51aa-4496-8bb7-64b11cf66adc' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy80N2E2YjYwNi01MWFhLTQ0OTYtOGJiNy02NGIxMWNmNjZhZGM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11995" + ], + "x-ms-request-id": [ + "westus2:e1dde0ae-7c8b-477f-960c-8ed173474a13" + ], + "x-ms-correlation-request-id": [ + "9036923a-4135-481a-b2f0-f907be030e2b" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204149Z:9036923a-4135-481a-b2f0-f907be030e2b" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:48 GMT" + ], + "Content-Length": [ + "1116" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy80ODg5M2I4NC1hMmM4LTRkOWEtYmFkZi04MzVkNWQxYjdkNTM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:d5802668-a678-4478-8d60-55d6425dc93f" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "faff8361-d316-4787-9981-ba30a706f139" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204149Z:faff8361-d316-4787-9981-ba30a706f139" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:49 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '48893b84-a2c8-4d9a-badf-835d5d1b7d53' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy80ODg5M2I4NC1hMmM4LTRkOWEtYmFkZi04MzVkNWQxYjdkNTM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:6e932fd2-a012-41ee-b944-e78e3b25162f" + ], + "x-ms-correlation-request-id": [ + "856fcea2-4840-4350-9091-cde9bbb2a1ad" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204150Z:856fcea2-4840-4350-9091-cde9bbb2a1ad" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:49 GMT" + ], + "Content-Length": [ + "1216" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy80OWM4OGZjOC02ZmQxLTQ2ZmQtYTY3Ni1mMTJkMWQzYTRjNzE/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:f924b9c5-6992-46c8-a04c-a0d51e346e2e" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "5df45723-e8cf-4b94-bf51-44dff7d15414" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204150Z:5df45723-e8cf-4b94-bf51-44dff7d15414" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:49 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '49c88fc8-6fd1-46fd-a676-f12d1d3a4c71' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy80OWM4OGZjOC02ZmQxLTQ2ZmQtYTY3Ni1mMTJkMWQzYTRjNzE/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11999" + ], + "x-ms-request-id": [ + "westus2:5191f72e-d63a-4022-83ee-de677d64ad1a" + ], + "x-ms-correlation-request-id": [ + "311f210f-3385-4014-be06-a97a8ee2b683" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204150Z:311f210f-3385-4014-be06-a97a8ee2b683" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:49 GMT" + ], + "Content-Length": [ + "1038" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/4d1c04de-2172-403f-901b-90608c35c721?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy80ZDFjMDRkZS0yMTcyLTQwM2YtOTAxYi05MDYwOGMzNWM3MjE/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:2da8f601-2321-489f-abb9-eb7d14ccc313" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11991" + ], + "x-ms-correlation-request-id": [ + "001d3192-2e30-4fce-9ad4-ce83d01f6887" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204150Z:001d3192-2e30-4fce-9ad4-ce83d01f6887" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:49 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '4d1c04de-2172-403f-901b-90608c35c721' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/4d1c04de-2172-403f-901b-90608c35c721?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy80ZDFjMDRkZS0yMTcyLTQwM2YtOTAxYi05MDYwOGMzNWM3MjE/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:ca4a3051-a83f-48a5-9aa9-6b77bd948e8c" + ], + "x-ms-correlation-request-id": [ + "63052134-d94f-4f0f-9091-0f618f5038a9" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204150Z:63052134-d94f-4f0f-9091-0f618f5038a9" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:49 GMT" + ], + "Content-Length": [ + "4409" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy80ZGEyMTcxMC1jZTZmLTRlMDYtOGNkYi01Y2M0YzkzZmZiZWU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:f7651cd2-bb97-4bd4-b36a-53e118cd527e" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "79b086b0-6648-4b70-9316-f90e89db00d7" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204150Z:79b086b0-6648-4b70-9316-f90e89db00d7" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:50 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '4da21710-ce6f-4e06-8cdb-5cc4c93ffbee' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy80ZGEyMTcxMC1jZTZmLTRlMDYtOGNkYi01Y2M0YzkzZmZiZWU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:2690ac75-b8f9-4525-8e25-8773f96c52e4" + ], + "x-ms-correlation-request-id": [ + "f0ecba72-4ef7-4ff3-a1dc-64c68dc98455" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204150Z:f0ecba72-4ef7-4ff3-a1dc-64c68dc98455" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:50 GMT" + ], + "Content-Length": [ + "4052" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy80ZjExYjU1My1kNDJlLTRlM2EtODliZS0zMmNhMzY0Y2FkNGM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:11118d39-7a7a-4ce5-aa93-8af29cbf9496" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "1e18838d-3b2c-491f-a4d0-35b270528cf2" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204150Z:1e18838d-3b2c-491f-a4d0-35b270528cf2" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:50 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '4f11b553-d42e-4e3a-89be-32ca364cad4c' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy80ZjExYjU1My1kNDJlLTRlM2EtODliZS0zMmNhMzY0Y2FkNGM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:f03caa0d-c976-4315-bfb2-9f849f542a68" + ], + "x-ms-correlation-request-id": [ + "0692d8b1-6e03-405b-b875-c44ac71abcf5" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204150Z:0692d8b1-6e03-405b-b875-c44ac71abcf5" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:49 GMT" + ], + "Content-Length": [ + "1105" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healty\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy81NzQ0NzEwZS1jYzJmLTRlZTgtODgwOS0zYjExZTg5ZjRiYzk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:15e880c2-4b9f-4b4e-b626-04a14d324ea6" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11995" + ], + "x-ms-correlation-request-id": [ + "dff752d3-2546-453e-b485-130b62ce4a4e" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204151Z:dff752d3-2546-453e-b485-130b62ce4a4e" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:50 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '5744710e-cc2f-4ee8-8809-3b11e89f4bc9' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy81NzQ0NzEwZS1jYzJmLTRlZTgtODgwOS0zYjExZTg5ZjRiYzk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-correlation-request-id": [ + "962a3288-a0a6-48f6-9c2d-3f8094da08db" + ], + "x-ms-request-id": [ + "westus2:ce47f36c-b8d0-4daf-92c2-f7a6e3359a5a" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204151Z:962a3288-a0a6-48f6-9c2d-3f8094da08db" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:51 GMT" + ], + "Content-Length": [ + "1305" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy81YWExMWJiYy01Yzc2LTQzMDItODBlNS1hYmE0NmE0MjgyZTc/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:d3015db1-498f-48f6-bc24-5ae8d53a6c32" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "03531916-cab9-4dd4-bb43-7ddf48b85131" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204151Z:03531916-cab9-4dd4-bb43-7ddf48b85131" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:50 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '5aa11bbc-5c76-4302-80e5-aba46a4282e7' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy81YWExMWJiYy01Yzc2LTQzMDItODBlNS1hYmE0NmE0MjgyZTc/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:bdadcdbe-3cc2-4398-bf7d-0b7fb2013b5e" + ], + "x-ms-correlation-request-id": [ + "b980cd6e-d318-4ca0-85df-31454460e08b" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204151Z:b980cd6e-d318-4ca0-85df-31454460e08b" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:51 GMT" + ], + "Content-Length": [ + "1341" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy81YWViYzhkMS0wMjBkLTQwMzctODlhMC0wMjA0M2E3NTI0ZWM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:a4499641-80b7-4ae8-9616-879b968228ae" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "e75fb28f-c805-40ca-ae38-99f33b78ef6b" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204151Z:e75fb28f-c805-40ca-ae38-99f33b78ef6b" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:51 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '5aebc8d1-020d-4037-89a0-02043a7524ec' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy81YWViYzhkMS0wMjBkLTQwMzctODlhMC0wMjA0M2E3NTI0ZWM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-correlation-request-id": [ + "98dc90e6-253c-401b-bc53-48f11ba18cfa" + ], + "x-ms-request-id": [ + "westus2:c09476dc-ba35-4807-b2ab-c1a6e2228717" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204151Z:98dc90e6-253c-401b-bc53-48f11ba18cfa" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:51 GMT" + ], + "Content-Length": [ + "1348" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy81Yjg0MmFjYi0wZmU3LTQxYjAtOWY0MC04ODBlYzRhZDg0ZDg/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:64cf4734-53b6-4261-abd4-6284463babd7" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "0a3a1c10-587a-4395-92ac-0e4caf6e4488" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204151Z:0a3a1c10-587a-4395-92ac-0e4caf6e4488" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:50 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '5b842acb-0fe7-41b0-9f40-880ec4ad84d8' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy81Yjg0MmFjYi0wZmU3LTQxYjAtOWY0MC04ODBlYzRhZDg0ZDg/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:4bdb3468-466e-4ec6-a30d-039e80fef3d8" + ], + "x-ms-correlation-request-id": [ + "0ab82478-8117-4f40-827d-41e90541fdb8" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204151Z:0ab82478-8117-4f40-827d-41e90541fdb8" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:51 GMT" + ], + "Content-Length": [ + "2252" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy81YzNiYzdiOC1hNjRjLTRlMDgtYTljZC03ZmYwZjMxZTExMzg/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:8b8b6dcd-37f5-4bdb-9e06-d49ac76c3081" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "8a796502-70eb-4002-8bdf-69fd14668e04" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204151Z:8a796502-70eb-4002-8bdf-69fd14668e04" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:51 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy81YzNiYzdiOC1hNjRjLTRlMDgtYTljZC03ZmYwZjMxZTExMzg/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:2d38f638-620c-447a-bb37-83be0e1ba7b0" + ], + "x-ms-correlation-request-id": [ + "44211ca7-eb16-496e-a070-73e1925e6f93" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204151Z:44211ca7-eb16-496e-a070-73e1925e6f93" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:51 GMT" + ], + "Content-Length": [ + "5596" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy81YzYwN2EyZS1jNzAwLTQ3NDQtODI1NC1kNzdlN2M5ZWI1ZTQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:b7a9cf44-e9f8-4ff7-9dc2-23b90484a0e5" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11994" + ], + "x-ms-correlation-request-id": [ + "b76d5f22-3913-45b1-b93a-4d5fd88d0870" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204152Z:b76d5f22-3913-45b1-b93a-4d5fd88d0870" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:51 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '5c607a2e-c700-4744-8254-d77e7c9eb5e4' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy81YzYwN2EyZS1jNzAwLTQ3NDQtODI1NC1kNzdlN2M5ZWI1ZTQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11999" + ], + "x-ms-request-id": [ + "westus2:14d9d898-853e-4ec3-be2a-ad706ec75c82" + ], + "x-ms-correlation-request-id": [ + "8f69bf6d-e09c-4bb8-8387-c7f2c4a72e3d" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204152Z:8f69bf6d-e09c-4bb8-8387-c7f2c4a72e3d" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:52 GMT" + ], + "Content-Length": [ + "1129" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy81ZGY4MmY0Zi03NzNhLTRhMmQtOTdhMi00MjJhODA2ZjFhNTU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:12a00fa1-f1d3-42a9-afac-83c151ff12b9" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "560e053f-4b65-4937-80fd-efa61fc5a368" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204152Z:560e053f-4b65-4937-80fd-efa61fc5a368" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:51 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '5df82f4f-773a-4a2d-97a2-422a806f1a55' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy81ZGY4MmY0Zi03NzNhLTRhMmQtOTdhMi00MjJhODA2ZjFhNTU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:bc17d4e8-7194-41e2-8e71-5f0d08f6434d" + ], + "x-ms-correlation-request-id": [ + "c026046f-fa3c-4cd5-9675-020fd27636f6" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204152Z:c026046f-fa3c-4cd5-9675-020fd27636f6" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:51 GMT" + ], + "Content-Length": [ + "1234" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy81ZTMzMTVlMC1hNDE0LTRlZmItYTRkMi1jN2JkMmIwNDQzZDI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:4e878dc5-5cf1-4838-8780-5ecff5e7064f" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "c43f5f94-5116-482a-a159-1949b0edde72" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204152Z:c43f5f94-5116-482a-a159-1949b0edde72" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:52 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '5e3315e0-a414-4efb-a4d2-c7bd2b0443d2' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy81ZTMzMTVlMC1hNDE0LTRlZmItYTRkMi1jN2JkMmIwNDQzZDI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:ff00cfd2-fe47-4be4-9779-b33939fc4932" + ], + "x-ms-correlation-request-id": [ + "c1c625ea-20ba-4f96-b6ea-14bf81de57ff" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204152Z:c1c625ea-20ba-4f96-b6ea-14bf81de57ff" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:52 GMT" + ], + "Content-Length": [ + "1306" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy81ZTM5Mzc5OS1lM2NhLTRlNDMtYTlhNS0wZWM0NjQ4YTU3ZDk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:a35817f5-33a6-4cc0-b40a-65d10e2d5bcd" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "6085124e-d722-4862-a502-9281d314697c" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204152Z:6085124e-d722-4862-a502-9281d314697c" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:52 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '5e393799-e3ca-4e43-a9a5-0ec4648a57d9' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy81ZTM5Mzc5OS1lM2NhLTRlNDMtYTlhNS0wZWM0NjQ4YTU3ZDk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:ec319f24-bd04-4c08-96e4-d0e4152be4ce" + ], + "x-ms-correlation-request-id": [ + "08abcb93-2b53-4bc2-9562-8b68929a8954" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204152Z:08abcb93-2b53-4bc2-9562-8b68929a8954" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:52 GMT" + ], + "Content-Length": [ + "1767" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy81ZWU4NWNlNS1lN2ViLTQ0ZDYtYjRhMi0zMmEyNGJlMWNhNTQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:831e6ee1-fa0b-43a6-9235-1db87396d5e5" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "12fc7304-45cf-42ff-ac40-6542fc47cab5" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204153Z:12fc7304-45cf-42ff-ac40-6542fc47cab5" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:53 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy81ZWU4NWNlNS1lN2ViLTQ0ZDYtYjRhMi0zMmEyNGJlMWNhNTQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:d665bc76-d5f9-4421-992b-3ffd272ddd97" + ], + "x-ms-correlation-request-id": [ + "9a9d0c8a-b3bc-4b1c-99b6-dec4087ed5bc" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204153Z:9a9d0c8a-b3bc-4b1c-99b6-dec4087ed5bc" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:52 GMT" + ], + "Content-Length": [ + "602" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy81ZWU5ZTllZC0wYjQyLTQxYjctOGM5Yy0zY2ZiMmZiZTIwNjk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:ca9a57ff-996a-4b0d-90b3-d4bd36ed98ea" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11991" + ], + "x-ms-correlation-request-id": [ + "e24a10ce-2b02-4094-af12-eae2341aa257" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204153Z:e24a10ce-2b02-4094-af12-eae2341aa257" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:53 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy81ZWU5ZTllZC0wYjQyLTQxYjctOGM5Yy0zY2ZiMmZiZTIwNjk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11995" + ], + "x-ms-request-id": [ + "westus2:2dfe8c94-a247-46d3-9b9c-6d9fd10245d6" + ], + "x-ms-correlation-request-id": [ + "6c1eeca5-eb33-4ec1-80ac-1781536f9afd" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204153Z:6c1eeca5-eb33-4ec1-80ac-1781536f9afd" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:53 GMT" + ], + "Content-Length": [ + "5173" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy81Zjc2Y2Y4OS1mYmYyLTQ3ZmQtYTNmNC1iODkxZmE3ODBiNjA/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:bded0906-b506-46b1-aafc-079b927136eb" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11994" + ], + "x-ms-correlation-request-id": [ + "d25e2912-efe1-4ccd-a943-80259a70daaf" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204153Z:d25e2912-efe1-4ccd-a943-80259a70daaf" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:53 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '5f76cf89-fbf2-47fd-a3f4-b891fa780b60' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy81Zjc2Y2Y4OS1mYmYyLTQ3ZmQtYTNmNC1iODkxZmE3ODBiNjA/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-correlation-request-id": [ + "f31b7541-b4cc-4854-84c5-c457c50544c1" + ], + "x-ms-request-id": [ + "westus2:59afe1fd-d8e5-4a6e-88ef-3976f584dc64" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11995" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204153Z:f31b7541-b4cc-4854-84c5-c457c50544c1" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:53 GMT" + ], + "Content-Length": [ + "1126" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy82MGZmZTNlMi00NjA0LTQ0NjAtOGYyMi0wZjFkYTA1ODI2NmM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:a5c1c69b-45ab-4ac6-990f-a85366b137cd" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "6776ca49-d77b-46ab-9ed7-06069752559a" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204153Z:6776ca49-d77b-46ab-9ed7-06069752559a" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:53 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '60ffe3e2-4604-4460-8f22-0f1da058266c' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy82MGZmZTNlMi00NjA0LTQ0NjAtOGYyMi0wZjFkYTA1ODI2NmM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:1041ac4c-8d89-40b4-897d-735b6e757c0e" + ], + "x-ms-correlation-request-id": [ + "58bc3bf2-7ed9-443a-95ec-d92bf46f55cb" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204153Z:58bc3bf2-7ed9-443a-95ec-d92bf46f55cb" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:52 GMT" + ], + "Content-Length": [ + "1433" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/617c02be-7f02-4efd-8836-3180d47b6c68?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy82MTdjMDJiZS03ZjAyLTRlZmQtODgzNi0zMTgwZDQ3YjZjNjg/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:f090b300-493b-4444-8306-769a46209f6c" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "7ffdc565-e4fa-468a-a4c0-5e45ab48a161" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204153Z:7ffdc565-e4fa-468a-a4c0-5e45ab48a161" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:53 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '617c02be-7f02-4efd-8836-3180d47b6c68' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/617c02be-7f02-4efd-8836-3180d47b6c68?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy82MTdjMDJiZS03ZjAyLTRlZmQtODgzNi0zMTgwZDQ3YjZjNjg/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:a0949ffe-097f-48b6-b60b-cfff5b041ab3" + ], + "x-ms-correlation-request-id": [ + "7d0e5e44-80a6-4975-b487-2b623f17b13a" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204153Z:7d0e5e44-80a6-4975-b487-2b623f17b13a" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:53 GMT" + ], + "Content-Length": [ + "1334" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/655cb504-bcee-4362-bd4c-402e6aa38759?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy82NTVjYjUwNC1iY2VlLTQzNjItYmQ0Yy00MDJlNmFhMzg3NTk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:4ce12b40-1157-47ed-8524-5ce892553ff7" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "a58216e1-0149-401b-af92-613cd347876e" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204154Z:a58216e1-0149-401b-af92-613cd347876e" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:53 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '655cb504-bcee-4362-bd4c-402e6aa38759' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/655cb504-bcee-4362-bd4c-402e6aa38759?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy82NTVjYjUwNC1iY2VlLTQzNjItYmQ0Yy00MDJlNmFhMzg3NTk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11994" + ], + "x-ms-request-id": [ + "westus2:92d02cb0-193e-4c7a-ae03-0155910c9d44" + ], + "x-ms-correlation-request-id": [ + "3690fecd-bd73-4efc-b7e7-65620f44e6a4" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204154Z:3690fecd-bd73-4efc-b7e7-65620f44e6a4" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:53 GMT" + ], + "Content-Length": [ + "1068" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/664346d9-be92-43fb-a219-d595eeb76a90?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy82NjQzNDZkOS1iZTkyLTQzZmItYTIxOS1kNTk1ZWViNzZhOTA/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:7c9c1a54-093b-4428-abbd-576f139fca4d" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "fc43a472-c244-4e74-ae12-59ee5548aef3" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204154Z:fc43a472-c244-4e74-ae12-59ee5548aef3" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:53 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '664346d9-be92-43fb-a219-d595eeb76a90' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/664346d9-be92-43fb-a219-d595eeb76a90?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy82NjQzNDZkOS1iZTkyLTQzZmItYTIxOS1kNTk1ZWViNzZhOTA/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:feff2482-9136-4409-b77a-203cd0a0c11f" + ], + "x-ms-correlation-request-id": [ + "f6f58527-99cd-4cbc-9220-8b4bb1b86771" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204154Z:f6f58527-99cd-4cbc-9220-8b4bb1b86771" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:54 GMT" + ], + "Content-Length": [ + "1299" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy82YTg0NTBlMi02YzYxLTQzYjQtYmU2NS02MmUzYTE5N2JmZmU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:c87f2560-0d43-4750-831e-6d6970450b20" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "d1fd1bfa-9568-409b-b58e-72fce287feab" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204154Z:d1fd1bfa-9568-409b-b58e-72fce287feab" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:53 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '6a8450e2-6c61-43b4-be65-62e3a197bffe' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy82YTg0NTBlMi02YzYxLTQzYjQtYmU2NS02MmUzYTE5N2JmZmU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:c6c16382-5b22-4e7e-b3c8-52ad13fa7f1a" + ], + "x-ms-correlation-request-id": [ + "d0c6fcff-0afa-4be6-bcd6-275474125fdc" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204154Z:d0c6fcff-0afa-4be6-bcd6-275474125fdc" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:54 GMT" + ], + "Content-Length": [ + "1316" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy82YjFjYmY1NS1lOGI2LTQ0MmYtYmE0Yy03MjQ2YjYzODE0NzQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:f94f1378-0346-45da-be5d-5019a6606b15" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "8b607e69-d1aa-4f74-9ff1-5c1de752d81b" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204154Z:8b607e69-d1aa-4f74-9ff1-5c1de752d81b" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:54 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '6b1cbf55-e8b6-442f-ba4c-7246b6381474' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy82YjFjYmY1NS1lOGI2LTQ0MmYtYmE0Yy03MjQ2YjYzODE0NzQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11995" + ], + "x-ms-request-id": [ + "westus2:51ae0be5-d774-41ed-bdcc-0adf03b9480b" + ], + "x-ms-correlation-request-id": [ + "9ebb61f0-a195-4aab-bfae-e4bbae7fbd18" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204154Z:9ebb61f0-a195-4aab-bfae-e4bbae7fbd18" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:54 GMT" + ], + "Content-Length": [ + "1110" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy82YzExMmQ0ZS01YmM3LTQ3YWUtYTA0MS1lYTJkOWRjY2Q3NDk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:843f928e-16fb-4214-b8f9-60d434a5ca22" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "12164707-f0b6-4a76-8ce0-41b9ccdecdfc" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204154Z:12164707-f0b6-4a76-8ce0-41b9ccdecdfc" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:54 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '6c112d4e-5bc7-47ae-a041-ea2d9dccd749' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy82YzExMmQ0ZS01YmM3LTQ3YWUtYTA0MS1lYTJkOWRjY2Q3NDk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11995" + ], + "x-ms-request-id": [ + "westus2:b48a7148-5a0b-4a1d-b512-0f6810b7741c" + ], + "x-ms-correlation-request-id": [ + "e5341519-a545-458e-ac38-d4481e891daa" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204154Z:e5341519-a545-458e-ac38-d4481e891daa" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:53 GMT" + ], + "Content-Length": [ + "750" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy82ZmRiOTIwNS0zNDYyLTRjZmMtODdkOC0xNmM3ODYwYjUzZjQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:b3c183ba-7494-4d3b-a08e-7f35627e1ae2" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "b4f30f23-0ef7-4c9a-b185-88f98441d8c5" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204154Z:b4f30f23-0ef7-4c9a-b185-88f98441d8c5" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:54 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '6fdb9205-3462-4cfc-87d8-16c7860b53f4' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy82ZmRiOTIwNS0zNDYyLTRjZmMtODdkOC0xNmM3ODYwYjUzZjQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-correlation-request-id": [ + "1aa6550f-d33f-451d-934f-2fc82311c403" + ], + "x-ms-request-id": [ + "westus2:2788a9ab-3fdf-43c5-b627-41b5b7c9ee71" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204154Z:1aa6550f-d33f-451d-934f-2fc82311c403" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:53 GMT" + ], + "Content-Length": [ + "570" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy83MjY2NzFhYy1jNGRlLTQ5MDgtOGM3ZC02MDQzYWU2MmUzYjY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:8ce66b5a-e774-4078-ab35-71fe24487946" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "bb215faf-7353-4236-8f71-0985b7e8c112" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204155Z:bb215faf-7353-4236-8f71-0985b7e8c112" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:54 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '726671ac-c4de-4908-8c7d-6043ae62e3b6' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy83MjY2NzFhYy1jNGRlLTQ5MDgtOGM3ZC02MDQzYWU2MmUzYjY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11999" + ], + "x-ms-request-id": [ + "westus2:09c854a4-21f4-4ffd-9cc7-ae20e66a2e06" + ], + "x-ms-correlation-request-id": [ + "e45106b3-0c99-4c39-a56e-040ddd403432" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204155Z:e45106b3-0c99-4c39-a56e-040ddd403432" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:54 GMT" + ], + "Content-Length": [ + "3213" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy83NDMzYzEwNy02ZGI0LTRhZDEtYjU3YS1hNzZkY2UwMTU0YTE/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:61cd96a2-02c1-4b67-a26e-6845e09233d6" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "5fb7ba43-7ff6-4d67-9b96-a3cbd71a92ed" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204155Z:5fb7ba43-7ff6-4d67-9b96-a3cbd71a92ed" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:54 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '7433c107-6db4-4ad1-b57a-a76dce0154a1' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy83NDMzYzEwNy02ZGI0LTRhZDEtYjU3YS1hNzZkY2UwMTU0YTE/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-correlation-request-id": [ + "e0797689-7218-4d49-863e-b66af031e05d" + ], + "x-ms-request-id": [ + "westus2:39bebb1e-982b-4200-b5e8-7b7d89108ad0" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204155Z:e0797689-7218-4d49-863e-b66af031e05d" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:55 GMT" + ], + "Content-Length": [ + "849" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/752c6934-9bcc-4749-b004-655e676ae2ac?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy83NTJjNjkzNC05YmNjLTQ3NDktYjAwNC02NTVlNjc2YWUyYWM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:8d5f33c1-0c07-4920-b13e-7061967a96ce" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "b8fc0a2f-b3dc-4253-9799-be3611c9aa43" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204155Z:b8fc0a2f-b3dc-4253-9799-be3611c9aa43" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:54 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '752c6934-9bcc-4749-b004-655e676ae2ac' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/752c6934-9bcc-4749-b004-655e676ae2ac?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy83NTJjNjkzNC05YmNjLTQ3NDktYjAwNC02NTVlNjc2YWUyYWM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:1c1939f8-a8da-4f62-be9f-4276233cc7c3" + ], + "x-ms-correlation-request-id": [ + "dd22176f-922a-44df-a199-6c0982bbab42" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204155Z:dd22176f-922a-44df-a199-6c0982bbab42" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:55 GMT" + ], + "Content-Length": [ + "1162" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/760a85ff-6162-42b3-8d70-698e268f648c?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy83NjBhODVmZi02MTYyLTQyYjMtOGQ3MC02OThlMjY4ZjY0OGM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:745889c3-9e53-4977-a35e-c09713b1769e" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11994" + ], + "x-ms-correlation-request-id": [ + "21d21221-986e-4d35-a85e-adf6d08914b5" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204155Z:21d21221-986e-4d35-a85e-adf6d08914b5" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:54 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '760a85ff-6162-42b3-8d70-698e268f648c' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/760a85ff-6162-42b3-8d70-698e268f648c?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy83NjBhODVmZi02MTYyLTQyYjMtOGQ3MC02OThlMjY4ZjY0OGM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:fee67dc7-5368-498c-b7e2-1cbc29f240d1" + ], + "x-ms-correlation-request-id": [ + "eb46a22a-36bf-4535-8600-771f345b0dc2" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204155Z:eb46a22a-36bf-4535-8600-771f345b0dc2" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:55 GMT" + ], + "Content-Length": [ + "1189" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy83NjUyNjZhYi1lNDBlLTRjNjEtYmNiMi01YTUyNzVkMGI3YzA/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:5703f8d0-6af4-4040-a99c-c475dd1386c4" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "21d61072-f9f0-4fe7-a3b0-db9edcd8025d" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204155Z:21d61072-f9f0-4fe7-a3b0-db9edcd8025d" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:55 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '765266ab-e40e-4c61-bcb2-5a5275d0b7c0' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy83NjUyNjZhYi1lNDBlLTRjNjEtYmNiMi01YTUyNzVkMGI3YzA/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:79afe56a-4e2a-4e3e-8956-69028c4bfdbb" + ], + "x-ms-correlation-request-id": [ + "77498974-0d75-4417-8d89-73ec3131ceed" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204155Z:77498974-0d75-4417-8d89-73ec3131ceed" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:55 GMT" + ], + "Content-Length": [ + "4205" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy83YzFiMTIxNC1mOTI3LTQ4YmYtODg4Mi04NGYwYWY2NTg4YjE/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:511224a1-73cd-4e93-a8ec-fd27cf70d710" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11991" + ], + "x-ms-correlation-request-id": [ + "ca3c53b6-62ff-491f-bd52-d906dd179685" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204156Z:ca3c53b6-62ff-491f-bd52-d906dd179685" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:55 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '7c1b1214-f927-48bf-8882-84f0af6588b1' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy83YzFiMTIxNC1mOTI3LTQ4YmYtODg4Mi04NGYwYWY2NTg4YjE/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11995" + ], + "x-ms-request-id": [ + "westus2:5ba10e88-d738-4e89-8c27-52a49c48d05a" + ], + "x-ms-correlation-request-id": [ + "0b016fc7-0490-4f35-b22c-ec456b05c0aa" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204156Z:0b016fc7-0490-4f35-b22c-ec456b05c0aa" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:55 GMT" + ], + "Content-Length": [ + "1456" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy83YzVhNzRiZi1hZTk0LTRhNzQtOGZjZi02NDRkMWUwZTZlNmY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:0a9b0ac4-b516-429e-bb75-0811bba2fb65" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11990" + ], + "x-ms-correlation-request-id": [ + "fbc3a167-6f60-4ef7-9445-0d30239b8978" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204156Z:fbc3a167-6f60-4ef7-9445-0d30239b8978" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:56 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy83YzVhNzRiZi1hZTk0LTRhNzQtOGZjZi02NDRkMWUwZTZlNmY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11991" + ], + "x-ms-request-id": [ + "westus2:d64b441c-f47d-4033-818d-1bc19b7e0aa2" + ], + "x-ms-correlation-request-id": [ + "cf2d77bd-b650-4715-95a8-1c5552c3ffd1" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204156Z:cf2d77bd-b650-4715-95a8-1c5552c3ffd1" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:55 GMT" + ], + "Content-Length": [ + "716" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/7e56b49b-5990-4159-a734-511ea19b731c?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy83ZTU2YjQ5Yi01OTkwLTQxNTktYTczNC01MTFlYTE5YjczMWM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:62ff9132-237c-423a-a08f-38edb216c26f" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11990" + ], + "x-ms-correlation-request-id": [ + "c94ead3d-2a4d-49fc-8f03-0b2477d65b70" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204156Z:c94ead3d-2a4d-49fc-8f03-0b2477d65b70" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:56 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '7e56b49b-5990-4159-a734-511ea19b731c' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/7e56b49b-5990-4159-a734-511ea19b731c?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy83ZTU2YjQ5Yi01OTkwLTQxNTktYTczNC01MTFlYTE5YjczMWM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11995" + ], + "x-ms-request-id": [ + "westus2:3ede6e7b-7feb-499f-a692-8d41b5562a1e" + ], + "x-ms-correlation-request-id": [ + "abf1113b-6470-4929-9ce6-e54e49e52e75" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204156Z:abf1113b-6470-4929-9ce6-e54e49e52e75" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:56 GMT" + ], + "Content-Length": [ + "1777" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy83ZWQ0MDgwMS04YTBmLTRjZWItODVjMC05ZmQyNWMxZDYxYTg/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:b4c612e0-e682-4a16-8ab7-5fa61b0a02d6" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "2deef991-f53e-43cf-8691-4c6f414e6338" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204156Z:2deef991-f53e-43cf-8691-4c6f414e6338" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:56 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy83ZWQ0MDgwMS04YTBmLTRjZWItODVjMC05ZmQyNWMxZDYxYTg/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:b5b9bfa0-09c9-4dfa-a334-75c3ece8c752" + ], + "x-ms-correlation-request-id": [ + "7a474d63-4df4-4c60-a011-52ceac1f5444" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204156Z:7a474d63-4df4-4c60-a011-52ceac1f5444" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:56 GMT" + ], + "Content-Length": [ + "3228" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/7f89b1eb-583c-429a-8828-af049802c1d9?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy83Zjg5YjFlYi01ODNjLTQyOWEtODgyOC1hZjA0OTgwMmMxZDk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:57ebbba1-5ca6-465d-b37b-bde39ec080e1" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "99f63027-d159-4988-8077-f371bbb637de" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204157Z:99f63027-d159-4988-8077-f371bbb637de" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:56 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '7f89b1eb-583c-429a-8828-af049802c1d9' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/7f89b1eb-583c-429a-8828-af049802c1d9?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy83Zjg5YjFlYi01ODNjLTQyOWEtODgyOC1hZjA0OTgwMmMxZDk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11995" + ], + "x-ms-request-id": [ + "westus2:a4d29ba6-3f1e-4ac7-ba6f-c2f1cd6b7178" + ], + "x-ms-correlation-request-id": [ + "ecbada51-c5b9-4faf-90ad-bef223941b19" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204157Z:ecbada51-c5b9-4faf-90ad-bef223941b19" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:57 GMT" + ], + "Content-Length": [ + "890" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy84M2EyMTRmNy1kMDFhLTQ4NGItOTFhOS1lZDU0NDcwYzlhNmE/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:9764c33f-4685-4865-b0e1-7673546a6004" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "b240225d-8fc9-4c5e-bda0-90aeabc291d5" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204157Z:b240225d-8fc9-4c5e-bda0-90aeabc291d5" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:57 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '83a214f7-d01a-484b-91a9-ed54470c9a6a' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy84M2EyMTRmNy1kMDFhLTQ4NGItOTFhOS1lZDU0NDcwYzlhNmE/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:910cab33-2a89-4a00-919f-331823ebb90d" + ], + "x-ms-correlation-request-id": [ + "b63eefae-f3a6-4825-841c-e5abdd3dcac0" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204157Z:b63eefae-f3a6-4825-841c-e5abdd3dcac0" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:56 GMT" + ], + "Content-Length": [ + "1393" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy84NmE5MTJmNi05YTA2LTRlMjYtYjQ0Ny0xMWIxNmJhODY1OWY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:c0574cc5-a0cd-4933-9bdb-72a481b96cfe" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "1180fb45-5d01-4760-b087-901f10a4fdf5" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204157Z:1180fb45-5d01-4760-b087-901f10a4fdf5" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:57 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '86a912f6-9a06-4e26-b447-11b16ba8659f' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy84NmE5MTJmNi05YTA2LTRlMjYtYjQ0Ny0xMWIxNmJhODY1OWY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11994" + ], + "x-ms-request-id": [ + "westus2:fb9511ac-630b-49e3-9947-e7ffb9e4de65" + ], + "x-ms-correlation-request-id": [ + "e0aff4cf-53d2-4ef9-a5f1-760546bdcd36" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204157Z:e0aff4cf-53d2-4ef9-a5f1-760546bdcd36" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:57 GMT" + ], + "Content-Length": [ + "1385" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/86b3d65f-7626-441e-b690-81a8b71cff60?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy84NmIzZDY1Zi03NjI2LTQ0MWUtYjY5MC04MWE4YjcxY2ZmNjA/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:bed354c3-0175-4c37-b8e9-e07db22d8884" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "1c218988-d8c3-4317-b8e3-d3b327bac9a8" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204157Z:1c218988-d8c3-4317-b8e3-d3b327bac9a8" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:57 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '86b3d65f-7626-441e-b690-81a8b71cff60' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/86b3d65f-7626-441e-b690-81a8b71cff60?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy84NmIzZDY1Zi03NjI2LTQ0MWUtYjY5MC04MWE4YjcxY2ZmNjA/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11995" + ], + "x-ms-request-id": [ + "westus2:31014507-dd6c-47e6-8d77-31a57f3f896c" + ], + "x-ms-correlation-request-id": [ + "71434f19-6f3e-48b1-8c49-20a359a9be1b" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204157Z:71434f19-6f3e-48b1-8c49-20a359a9be1b" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:57 GMT" + ], + "Content-Length": [ + "1168" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/884b209a-963b-4520-8006-d20cb3c213e0?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy84ODRiMjA5YS05NjNiLTQ1MjAtODAwNi1kMjBjYjNjMjEzZTA/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:a8a4f36f-44c1-4375-9897-564950964853" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "529f097f-fd78-4fe1-80f6-e85f83218de1" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204157Z:529f097f-fd78-4fe1-80f6-e85f83218de1" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:57 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '884b209a-963b-4520-8006-d20cb3c213e0' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/884b209a-963b-4520-8006-d20cb3c213e0?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy84ODRiMjA5YS05NjNiLTQ1MjAtODAwNi1kMjBjYjNjMjEzZTA/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11994" + ], + "x-ms-request-id": [ + "westus2:40b083c7-c508-4eec-b089-87937af1bf38" + ], + "x-ms-correlation-request-id": [ + "339dd5b9-4225-41f5-84d9-14ee9f1e2d59" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204157Z:339dd5b9-4225-41f5-84d9-14ee9f1e2d59" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:57 GMT" + ], + "Content-Length": [ + "4428" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy84Y2UzZGEyMy03MTU2LTQ5ZTQtYjE0NS0yNGY5NWY5ZGNiNDY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:2460b895-2dc9-472f-84d6-6fdb5059b643" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "ec74e858-b374-4e8a-990d-7ebb388d2f3a" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204158Z:ec74e858-b374-4e8a-990d-7ebb388d2f3a" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:57 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '8ce3da23-7156-49e4-b145-24f95f9dcb46' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy84Y2UzZGEyMy03MTU2LTQ5ZTQtYjE0NS0yNGY5NWY5ZGNiNDY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:c4218d12-d59c-47d5-ada7-2fa166d9e5e4" + ], + "x-ms-correlation-request-id": [ + "69daf6ac-dd7e-4b65-b29a-14312e152159" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204158Z:69daf6ac-dd7e-4b65-b29a-14312e152159" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:58 GMT" + ], + "Content-Length": [ + "905" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy84ZmYwYjE4Yi0yNjJlLTQ1MTItODU3YS00OGFkMGFlYjlhNzg/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:7ffe01cb-87b0-44ff-a464-76aa8de986b7" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "f074e337-0d56-4493-8208-716426531ba5" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204158Z:f074e337-0d56-4493-8208-716426531ba5" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:57 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '8ff0b18b-262e-4512-857a-48ad0aeb9a78' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy84ZmYwYjE4Yi0yNjJlLTQ1MTItODU3YS00OGFkMGFlYjlhNzg/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:eba38de3-d8d3-4f1f-a656-e96bde5c08a7" + ], + "x-ms-correlation-request-id": [ + "4dec9e88-5647-4000-8b4b-fc322568b9f0" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204158Z:4dec9e88-5647-4000-8b4b-fc322568b9f0" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:57 GMT" + ], + "Content-Length": [ + "3218" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy85Mjk3YzIxZC0yZWQ2LTQ0NzQtYjQ4Zi0xNjNmNzU2NTRjZTM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:d6cfdac4-a710-4d56-9870-22360d3b919a" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11989" + ], + "x-ms-correlation-request-id": [ + "66bddde1-64bd-43a8-9b32-af7e99b526a7" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204158Z:66bddde1-64bd-43a8-9b32-af7e99b526a7" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:58 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '9297c21d-2ed6-4474-b48f-163f75654ce3' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy85Mjk3YzIxZC0yZWQ2LTQ0NzQtYjQ4Zi0xNjNmNzU2NTRjZTM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:369c68b1-3565-4f06-aee6-987332b2f46d" + ], + "x-ms-correlation-request-id": [ + "100d81fb-1334-4630-b6fe-b7ed12c6137d" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204158Z:100d81fb-1334-4630-b6fe-b7ed12c6137d" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:58 GMT" + ], + "Content-Length": [ + "1163" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy85NGMxOWYxOS04MTkyLTQ4Y2QtYTExYi1lMzcwOTlkM2UzNmI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:f294cb83-cc87-49ef-a088-758dc4a6d25d" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "871c3253-74a9-4684-9aea-67c57b0af37e" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204159Z:871c3253-74a9-4684-9aea-67c57b0af37e" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:58 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '94c19f19-8192-48cd-a11b-e37099d3e36b' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy85NGMxOWYxOS04MTkyLTQ4Y2QtYTExYi1lMzcwOTlkM2UzNmI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11994" + ], + "x-ms-request-id": [ + "westus2:ea4b64da-9379-43fd-b42d-b81b5985ace3" + ], + "x-ms-correlation-request-id": [ + "c95fb8a8-eaa2-4200-a1c2-1cdea6a6fc5f" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204159Z:c95fb8a8-eaa2-4200-a1c2-1cdea6a6fc5f" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:58 GMT" + ], + "Content-Length": [ + "579" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/983211ba-f348-4758-983b-21fa29294869?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy85ODMyMTFiYS1mMzQ4LTQ3NTgtOTgzYi0yMWZhMjkyOTQ4Njk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:55ad3943-03b7-4d0f-9a5e-e5bf1e4266bf" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11995" + ], + "x-ms-correlation-request-id": [ + "d8475792-fc8d-4daa-9a4c-c1e549ca7cba" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204159Z:d8475792-fc8d-4daa-9a4c-c1e549ca7cba" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:58 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '983211ba-f348-4758-983b-21fa29294869' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/983211ba-f348-4758-983b-21fa29294869?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy85ODMyMTFiYS1mMzQ4LTQ3NTgtOTgzYi0yMWZhMjkyOTQ4Njk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:b9b8e366-374a-4c7a-84bb-2b62122d22d6" + ], + "x-ms-correlation-request-id": [ + "19cb4a8a-fef3-49f8-b094-07d0ddd99cae" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204159Z:19cb4a8a-fef3-49f8-b094-07d0ddd99cae" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:58 GMT" + ], + "Content-Length": [ + "680" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy85YmZlMzcyNy0wYTE3LTQ3MWYtYTJmZS1lZGRkNmI2Njg3NDU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:f322f180-497b-4b49-ba87-564b80a167ef" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "49fa71d2-a8f7-4bc6-a2c5-8a889916bf97" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204159Z:49fa71d2-a8f7-4bc6-a2c5-8a889916bf97" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:59 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '9bfe3727-0a17-471f-a2fe-eddd6b668745' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy85YmZlMzcyNy0wYTE3LTQ3MWYtYTJmZS1lZGRkNmI2Njg3NDU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11999" + ], + "x-ms-request-id": [ + "westus2:2c6aaf17-a867-4046-9742-a1c4b8d123aa" + ], + "x-ms-correlation-request-id": [ + "92b67a59-d237-46db-8d3f-dbb45605b880" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204159Z:92b67a59-d237-46db-8d3f-dbb45605b880" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:58 GMT" + ], + "Content-Length": [ + "1208" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/9daedab3-fb2d-461e-b861-71790eead4f6?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy85ZGFlZGFiMy1mYjJkLTQ2MWUtYjg2MS03MTc5MGVlYWQ0ZjY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:65b391d4-7054-42b7-898a-da3ec4640e5f" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "d1f0d1aa-9f6a-496b-b7df-bb8d37b0de16" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204159Z:d1f0d1aa-9f6a-496b-b7df-bb8d37b0de16" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:59 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition '9daedab3-fb2d-461e-b861-71790eead4f6' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/9daedab3-fb2d-461e-b861-71790eead4f6?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy85ZGFlZGFiMy1mYjJkLTQ2MWUtYjg2MS03MTc5MGVlYWQ0ZjY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11990" + ], + "x-ms-request-id": [ + "westus2:8e066b52-47e7-483f-bb0d-55dbde0bbf4a" + ], + "x-ms-correlation-request-id": [ + "c54cc1ce-2ab1-42f5-bd04-0430778820bb" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204159Z:c54cc1ce-2ab1-42f5-bd04-0430778820bb" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:59 GMT" + ], + "Content-Length": [ + "1161" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hMDhlYzkwMC0yNTRhLTQ1NTUtOWJmNS1lNDJhZjA0YjVjNWM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:8d84d81c-ad92-4531-b5cf-cbbecf9dc450" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "9cc60ebc-9cbb-43e1-a8ac-7a56bd445ea2" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204159Z:9cc60ebc-9cbb-43e1-a8ac-7a56bd445ea2" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:59 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'a08ec900-254a-4555-9bf5-e42af04b5c5c' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hMDhlYzkwMC0yNTRhLTQ1NTUtOWJmNS1lNDJhZjA0YjVjNWM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11999" + ], + "x-ms-request-id": [ + "westus2:7601f926-1b11-451f-a26d-6e3c6565c1c5" + ], + "x-ms-correlation-request-id": [ + "e05c2cde-2d84-4e92-9a50-8fc9dcc861ae" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204159Z:e05c2cde-2d84-4e92-9a50-8fc9dcc861ae" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:59 GMT" + ], + "Content-Length": [ + "738" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hMTgxN2VjMC1hMzY4LTQzMmEtODA1Ny04MzcxZTE3YWM2ZWU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:2b2c3cda-ee85-4686-bc4b-cbf5f00f8509" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "55ad6400-5956-4c1b-a193-b8ce600bc765" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204200Z:55ad6400-5956-4c1b-a193-b8ce600bc765" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:59 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'a1817ec0-a368-432a-8057-8371e17ac6ee' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hMTgxN2VjMC1hMzY4LTQzMmEtODA1Ny04MzcxZTE3YWM2ZWU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-correlation-request-id": [ + "30f32fe0-b462-40bd-a70f-b8bcd06e7bda" + ], + "x-ms-request-id": [ + "westus2:585b8879-4c95-41a7-83e8-2794ad9af3bb" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204200Z:30f32fe0-b462-40bd-a70f-b8bcd06e7bda" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:00 GMT" + ], + "Content-Length": [ + "1079" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hNDUxYzFlZi1jNmNhLTQ4M2QtODdlZC1mNDk3NjFlM2ZmYjU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:eb3e8fba-7619-4c8c-94e2-972d8339908c" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "9d8832cd-0000-409d-8d32-54279dbbeaf6" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204200Z:9d8832cd-0000-409d-8d32-54279dbbeaf6" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:00 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'a451c1ef-c6ca-483d-87ed-f49761e3ffb5' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hNDUxYzFlZi1jNmNhLTQ4M2QtODdlZC1mNDk3NjFlM2ZmYjU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11995" + ], + "x-ms-request-id": [ + "westus2:4b9d5788-cbea-4e5e-b294-ef122a1aa3d8" + ], + "x-ms-correlation-request-id": [ + "f15381aa-1bea-4f1d-aeff-2e72b34df9e4" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204200Z:f15381aa-1bea-4f1d-aeff-2e72b34df9e4" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:41:59 GMT" + ], + "Content-Length": [ + "975" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hNmZiNDM1OC01YmY0LTRhZDctYmE4Mi0yY2QyZjQxY2U1ZTk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:c4cff627-b934-444d-b6e0-97fd218dfd9c" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11992" + ], + "x-ms-correlation-request-id": [ + "1614f125-d8fe-473f-8f58-5945abd52acb" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204200Z:1614f125-d8fe-473f-8f58-5945abd52acb" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:00 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hNmZiNDM1OC01YmY0LTRhZDctYmE4Mi0yY2QyZjQxY2U1ZTk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11999" + ], + "x-ms-request-id": [ + "westus2:8b596a8e-bccd-43ec-b853-5b6bbf292bed" + ], + "x-ms-correlation-request-id": [ + "1fe37de9-05da-40aa-a5de-a2d49f06a2bf" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204200Z:1fe37de9-05da-40aa-a5de-a2d49f06a2bf" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:00 GMT" + ], + "Content-Length": [ + "1073" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hN2FjYTUzZi0yZWQ0LTQ0NjYtYTI1ZS0wYjQ1YWRlNjhlZmQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:c83ed9b8-e394-4ff2-a4ca-6e8cb3052037" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "7e2b3ea7-c0a0-47e0-9f1f-f0d201700e61" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204201Z:7e2b3ea7-c0a0-47e0-9f1f-f0d201700e61" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:00 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'a7aca53f-2ed4-4466-a25e-0b45ade68efd' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hN2FjYTUzZi0yZWQ0LTQ0NjYtYTI1ZS0wYjQ1YWRlNjhlZmQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:6f59a843-a0a3-40be-9ab1-f267ae261977" + ], + "x-ms-correlation-request-id": [ + "f0d374ac-8338-4121-9da4-11ac8d3929b5" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204201Z:f0d374ac-8338-4121-9da4-11ac8d3929b5" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:00 GMT" + ], + "Content-Length": [ + "1136" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hN2ZmMzE2MS0wMDg3LTQ5MGEtOWFkOS1hZDYyMTdmNGY0M2E/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:ea3fcfe7-48e8-40e1-93e9-409261e0976c" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "c872035a-28ce-42b5-ac5b-d1b442433008" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204201Z:c872035a-28ce-42b5-ac5b-d1b442433008" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:00 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'a7ff3161-0087-490a-9ad9-ad6217f4f43a' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hN2ZmMzE2MS0wMDg3LTQ5MGEtOWFkOS1hZDYyMTdmNGY0M2E/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:538d7300-fa48-4fbf-af7a-2ead0b29030e" + ], + "x-ms-correlation-request-id": [ + "0f0de3ac-b259-4d64-958a-d6c0b2d17ea3" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204201Z:0f0de3ac-b259-4d64-958a-d6c0b2d17ea3" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:01 GMT" + ], + "Content-Length": [ + "654" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hOGJlZjAwOS1hNWM5LTRkMGYtOTBkNy02MDE4NzM0ZThhMTY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:647e26ce-cb6a-40cc-8694-1f78bfb48a54" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11994" + ], + "x-ms-correlation-request-id": [ + "b356f36e-c9d6-40f9-9029-22bf40eeeb34" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204201Z:b356f36e-c9d6-40f9-9029-22bf40eeeb34" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:01 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'a8bef009-a5c9-4d0f-90d7-6018734e8a16' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hOGJlZjAwOS1hNWM5LTRkMGYtOTBkNy02MDE4NzM0ZThhMTY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:928640aa-0305-4cff-adb7-f59a51e833c6" + ], + "x-ms-correlation-request-id": [ + "fa9f6098-fb24-4c6f-9a5a-369d4b79b0a6" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204201Z:fa9f6098-fb24-4c6f-9a5a-369d4b79b0a6" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:01 GMT" + ], + "Content-Length": [ + "1092" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hOWI5OWRkOC0wNmM1LTQzMTctODYyOS05ZDg2YTNjNmU3ZDk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:6dae8f09-c9ab-474e-9cc0-c37831198f09" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "e770208c-d8c8-4336-a2df-649d7c87ecf6" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204201Z:e770208c-d8c8-4336-a2df-649d7c87ecf6" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:01 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'a9b99dd8-06c5-4317-8629-9d86a3c6e7d9' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hOWI5OWRkOC0wNmM1LTQzMTctODYyOS05ZDg2YTNjNmU3ZDk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11995" + ], + "x-ms-request-id": [ + "westus2:1cd1d5a8-762f-4ba4-a3c7-b40c9cf231b1" + ], + "x-ms-correlation-request-id": [ + "066906dd-50b4-4022-b6cb-86b963bc5aa0" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204201Z:066906dd-50b4-4022-b6cb-86b963bc5aa0" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:01 GMT" + ], + "Content-Length": [ + "1465" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hYTYzMzA4MC04YjcyLTQwYzQtYTJkNy1kMDBjMDNlODBiZWQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:eae1a956-1f87-4117-beff-527b8291e697" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "f8f7f2e2-e3b4-4f11-962d-76ff1c7489bd" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204201Z:f8f7f2e2-e3b4-4f11-962d-76ff1c7489bd" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:01 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'aa633080-8b72-40c4-a2d7-d00c03e80bed' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hYTYzMzA4MC04YjcyLTQwYzQtYTJkNy1kMDBjMDNlODBiZWQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11994" + ], + "x-ms-request-id": [ + "westus2:c3786e60-2ceb-421a-9d03-d1b041ac5242" + ], + "x-ms-correlation-request-id": [ + "68384469-b642-49c8-8bc7-62efc25c3b52" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204202Z:68384469-b642-49c8-8bc7-62efc25c3b52" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:01 GMT" + ], + "Content-Length": [ + "1164" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/abcc6037-1fc4-47f6-aac5-89706589be24?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hYmNjNjAzNy0xZmM0LTQ3ZjYtYWFjNS04OTcwNjU4OWJlMjQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:88e7dfc4-fd36-4343-bb29-b29b21f95e05" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "f0cd0aa0-21c4-44a7-b9dc-da26abe15114" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204202Z:f0cd0aa0-21c4-44a7-b9dc-da26abe15114" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:01 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'abcc6037-1fc4-47f6-aac5-89706589be24' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/abcc6037-1fc4-47f6-aac5-89706589be24?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hYmNjNjAzNy0xZmM0LTQ3ZjYtYWFjNS04OTcwNjU4OWJlMjQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:ee59f27f-a5b0-4639-8fba-17ef4c90cf68" + ], + "x-ms-correlation-request-id": [ + "36b59213-5cbf-4c2c-919f-7a80d49c93fa" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204202Z:36b59213-5cbf-4c2c-919f-7a80d49c93fa" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:01 GMT" + ], + "Content-Length": [ + "982" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hYzdlNWZjMC1jMDI5LTRiMTItOTFkNC1hODUwMGNlNjk3Zjk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:1cad5791-dcb5-4362-9e95-d638e9310f1a" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11988" + ], + "x-ms-correlation-request-id": [ + "372e037c-1c11-4bc1-a502-a5f2992b5b11" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204202Z:372e037c-1c11-4bc1-a502-a5f2992b5b11" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:02 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'ac7e5fc0-c029-4b12-91d4-a8500ce697f9' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hYzdlNWZjMC1jMDI5LTRiMTItOTFkNC1hODUwMGNlNjk3Zjk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11993" + ], + "x-ms-request-id": [ + "westus2:85b94069-f5b5-4942-aed1-b86829a20397" + ], + "x-ms-correlation-request-id": [ + "4ade4eed-ad02-4bd7-8992-19805230374e" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204202Z:4ade4eed-ad02-4bd7-8992-19805230374e" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:02 GMT" + ], + "Content-Length": [ + "647" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hZjZjZDFiZC0xNjM1LTQ4Y2ItYmRlNy01YjE1NjkzOTAwYjk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:a20d5fbc-e87c-4aab-b731-e4c68ceb6629" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "f8286da7-118f-409d-adfd-ebd4ca0a7c95" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204202Z:f8286da7-118f-409d-adfd-ebd4ca0a7c95" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:02 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'af6cd1bd-1635-48cb-bde7-5b15693900b9' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hZjZjZDFiZC0xNjM1LTQ4Y2ItYmRlNy01YjE1NjkzOTAwYjk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11994" + ], + "x-ms-request-id": [ + "westus2:d2d7f606-83a0-4695-be17-64cd9a01c896" + ], + "x-ms-correlation-request-id": [ + "b8a28234-b0b2-44af-8a14-f59c0cf34560" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204202Z:b8a28234-b0b2-44af-8a14-f59c0cf34560" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:02 GMT" + ], + "Content-Length": [ + "1185" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/af8051bf-258b-44e2-a2bf-165330459f9d?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hZjgwNTFiZi0yNThiLTQ0ZTItYTJiZi0xNjUzMzA0NTlmOWQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:778a436b-d050-4855-98f4-e7cfcb91fe63" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11995" + ], + "x-ms-correlation-request-id": [ + "8395efad-31ca-4e6b-807d-14a7b4c95a1e" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204202Z:8395efad-31ca-4e6b-807d-14a7b4c95a1e" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:02 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'af8051bf-258b-44e2-a2bf-165330459f9d' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/af8051bf-258b-44e2-a2bf-165330459f9d?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9hZjgwNTFiZi0yNThiLTQ0ZTItYTJiZi0xNjUzMzA0NTlmOWQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11993" + ], + "x-ms-request-id": [ + "westus2:6089e16d-bd61-468b-84e7-895a37475e88" + ], + "x-ms-correlation-request-id": [ + "008ea48d-c029-485a-acc6-881644e5c94a" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204202Z:008ea48d-c029-485a-acc6-881644e5c94a" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:02 GMT" + ], + "Content-Length": [ + "1119" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9iMGYzMzI1OS03N2Q3LTRjOWUtYWFjNi0zYWFiY2ZhZTY5M2M/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:4571ad71-3277-4601-aeb1-57c4229104b1" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "878d8e93-6852-4878-8381-5bb196c327a2" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204202Z:878d8e93-6852-4878-8381-5bb196c327a2" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:02 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'b0f33259-77d7-4c9e-aac6-3aabcfae693c' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9iMGYzMzI1OS03N2Q3LTRjOWUtYWFjNi0zYWFiY2ZhZTY5M2M/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:dd945255-5ee9-40d4-8292-fb929b5a9c71" + ], + "x-ms-correlation-request-id": [ + "650baa5e-c4e4-4358-90fb-5e105386071d" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204203Z:650baa5e-c4e4-4358-90fb-5e105386071d" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:03 GMT" + ], + "Content-Length": [ + "1102" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9iMTgxNzVkZC1jNTk5LTRjNjQtODNiYS1iYjAxOGEwNmQzNWI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:2d7e503d-d847-4efa-a659-616cffa611e4" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11995" + ], + "x-ms-correlation-request-id": [ + "8a7fa748-6486-4af7-a43d-2e0bab8d6aac" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204203Z:8a7fa748-6486-4af7-a43d-2e0bab8d6aac" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:03 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'b18175dd-c599-4c64-83ba-bb018a06d35b' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9iMTgxNzVkZC1jNTk5LTRjNjQtODNiYS1iYjAxOGEwNmQzNWI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11992" + ], + "x-ms-request-id": [ + "westus2:183ecb3d-8184-41d3-a870-e55b9f3b0c11" + ], + "x-ms-correlation-request-id": [ + "f36c04b7-039b-438b-a35c-7480e1feb2bc" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204203Z:f36c04b7-039b-438b-a35c-7480e1feb2bc" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:03 GMT" + ], + "Content-Length": [ + "2097" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/b278e460-7cfc-4451-8294-cccc40a940d7?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9iMjc4ZTQ2MC03Y2ZjLTQ0NTEtODI5NC1jY2NjNDBhOTQwZDc/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:9a6757f4-61fc-4738-be13-a241f2f24c60" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "11ad4430-c1fe-4211-9859-2e733cd06916" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204203Z:11ad4430-c1fe-4211-9859-2e733cd06916" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:03 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'b278e460-7cfc-4451-8294-cccc40a940d7' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/b278e460-7cfc-4451-8294-cccc40a940d7?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9iMjc4ZTQ2MC03Y2ZjLTQ0NTEtODI5NC1jY2NjNDBhOTQwZDc/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11994" + ], + "x-ms-request-id": [ + "westus2:8d329cfb-8b88-4b5e-99a0-d6396ca59551" + ], + "x-ms-correlation-request-id": [ + "4b27efd2-8c18-4145-9e42-06f61bfc069e" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204203Z:4b27efd2-8c18-4145-9e42-06f61bfc069e" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:03 GMT" + ], + "Content-Length": [ + "1071" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9iMmZjOGY5MS04NjZkLTQ0MzQtOTA4OS01ZWJmZTM4ZDZmZDg/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:2cf6559f-f063-48bd-91bd-a460eb9484f7" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "a9e3f9be-ff5f-4bc8-8bc6-2e4a268e573e" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204203Z:a9e3f9be-ff5f-4bc8-8bc6-2e4a268e573e" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:03 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'b2fc8f91-866d-4434-9089-5ebfe38d6fd8' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9iMmZjOGY5MS04NjZkLTQ0MzQtOTA4OS01ZWJmZTM4ZDZmZDg/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-correlation-request-id": [ + "e782265d-8a50-4d77-a4c5-723765a3e9d4" + ], + "x-ms-request-id": [ + "westus2:53d37994-7d43-4f86-a2c8-d8356e956b4c" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11994" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204203Z:e782265d-8a50-4d77-a4c5-723765a3e9d4" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:03 GMT" + ], + "Content-Length": [ + "3195" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9iNDMzMGEwNS1hODQzLTRiYzgtYmY5YS1jYWNjZTUwYzY3ZjQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:fe875314-2a8b-46c1-90bc-a97d1b46319b" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "4261039e-afbc-49a5-a492-7561be187c72" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204203Z:4261039e-afbc-49a5-a492-7561be187c72" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:03 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'b4330a05-a843-4bc8-bf9a-cacce50c67f4' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9iNDMzMGEwNS1hODQzLTRiYzgtYmY5YS1jYWNjZTUwYzY3ZjQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11994" + ], + "x-ms-request-id": [ + "westus2:aab373ea-08b2-4e88-a4a4-2b3b36ef66dd" + ], + "x-ms-correlation-request-id": [ + "7803832a-97f2-4b3c-882b-c993ffc85052" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204204Z:7803832a-97f2-4b3c-882b-c993ffc85052" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:03 GMT" + ], + "Content-Length": [ + "1400" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9iNDgzMzRhNC05MTFiLTQwODQtYjFhYi0zZTZhNGU1MGI5NTE/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:9b3304fb-d6c0-4251-9fce-6175bb5fa6b9" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "3a2fe953-788f-476a-9b15-7d7f395f78b1" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204204Z:3a2fe953-788f-476a-9b15-7d7f395f78b1" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:03 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'b48334a4-911b-4084-b1ab-3e6a4e50b951' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9iNDgzMzRhNC05MTFiLTQwODQtYjFhYi0zZTZhNGU1MGI5NTE/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11995" + ], + "x-ms-request-id": [ + "westus2:bcfa64e8-b164-418f-97de-ae68c4f206b7" + ], + "x-ms-correlation-request-id": [ + "fc814b41-e76d-43eb-9ab0-11354576966d" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204204Z:fc814b41-e76d-43eb-9ab0-11354576966d" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:03 GMT" + ], + "Content-Length": [ + "1182" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9iNTRlZDc1Yi0zZTFhLTQ0YWMtYTMzMy0wNWJhMzliOTlmZjA/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:c20a7c2c-a2ea-4885-af61-5f04796e686e" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "e1464bbe-4ff1-4c59-9832-0a310630079d" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204204Z:e1464bbe-4ff1-4c59-9832-0a310630079d" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:04 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'b54ed75b-3e1a-44ac-a333-05ba39b99ff0' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9iNTRlZDc1Yi0zZTFhLTQ0YWMtYTMzMy0wNWJhMzliOTlmZjA/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11993" + ], + "x-ms-request-id": [ + "westus2:1265484c-7074-4351-9612-5e50aeb2f12a" + ], + "x-ms-correlation-request-id": [ + "066526d4-8256-4134-9293-18244c6a79ba" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204204Z:066526d4-8256-4134-9293-18244c6a79ba" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:04 GMT" + ], + "Content-Length": [ + "1019" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9iYzAzNzhiYi1kN2FiLTQ2MTQtYTBmNi01YTZlM2YwMmQ2NDQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:02d82d7a-a6fe-43a8-b494-d40d2ce24aa4" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11995" + ], + "x-ms-correlation-request-id": [ + "04a9cdc2-190f-4a2c-a0f5-bf3b5915f40b" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204204Z:04a9cdc2-190f-4a2c-a0f5-bf3b5915f40b" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:03 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'bc0378bb-d7ab-4614-a0f6-5a6e3f02d644' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9iYzAzNzhiYi1kN2FiLTQ2MTQtYTBmNi01YTZlM2YwMmQ2NDQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11993" + ], + "x-ms-request-id": [ + "westus2:2255c75f-e359-4d79-9019-62387cbd45ce" + ], + "x-ms-correlation-request-id": [ + "3763f429-fa9f-4335-8070-70147d24f408" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204204Z:3763f429-fa9f-4335-8070-70147d24f408" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:04 GMT" + ], + "Content-Length": [ + "1214" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9iZTBhNzY4MS1iZWQ0LTQ4ZGMtOWZmMy1mMDE3MWVlMTcwYjY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:119488a8-b2de-4551-8d1b-e5ca608881f7" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "c3309077-ffde-4f1e-90de-958bbc4399f2" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204204Z:c3309077-ffde-4f1e-90de-958bbc4399f2" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:04 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'be0a7681-bed4-48dc-9ff3-f0171ee170b6' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9iZTBhNzY4MS1iZWQ0LTQ4ZGMtOWZmMy1mMDE3MWVlMTcwYjY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11994" + ], + "x-ms-request-id": [ + "westus2:4616bd3d-ce5a-4917-84af-e9f9cea6d1fb" + ], + "x-ms-correlation-request-id": [ + "dcfc8d06-d71f-4f6a-abf7-559d300d8d25" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204204Z:dcfc8d06-d71f-4f6a-abf7-559d300d8d25" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:03 GMT" + ], + "Content-Length": [ + "1294" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9jMWI5Y2JlZC0wOGUzLTQyN2QtYjljZS03YzUzNWIxZTliOTQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:67bc8b6b-41b9-4b4f-a12d-f18c9a3bff59" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "f0b6305d-76a9-4a3a-8593-dd571a77ec15" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204204Z:f0b6305d-76a9-4a3a-8593-dd571a77ec15" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:04 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'c1b9cbed-08e3-427d-b9ce-7c535b1e9b94' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9jMWI5Y2JlZC0wOGUzLTQyN2QtYjljZS03YzUzNWIxZTliOTQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:4a0ca79e-dd80-4c03-8f64-936c13cdd718" + ], + "x-ms-correlation-request-id": [ + "874f04c2-4bb9-4e0d-a66b-69554f6dd6ff" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204204Z:874f04c2-4bb9-4e0d-a66b-69554f6dd6ff" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:04 GMT" + ], + "Content-Length": [ + "703" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/c40c9087-1981-4e73-9f53-39743eda9d05?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9jNDBjOTA4Ny0xOTgxLTRlNzMtOWY1My0zOTc0M2VkYTlkMDU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:1f2d329b-0488-4a4a-b1c0-be099989cf08" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11994" + ], + "x-ms-correlation-request-id": [ + "2b07c58d-a9db-4204-ae34-980d82b2c69c" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204204Z:2b07c58d-a9db-4204-ae34-980d82b2c69c" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:04 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'c40c9087-1981-4e73-9f53-39743eda9d05' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/c40c9087-1981-4e73-9f53-39743eda9d05?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9jNDBjOTA4Ny0xOTgxLTRlNzMtOWY1My0zOTc0M2VkYTlkMDU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:5dd2e89d-a8b5-4ee2-b2a0-44df2c5df306" + ], + "x-ms-correlation-request-id": [ + "9dd90e03-82e7-48e6-a94f-233bacd3fd2a" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204205Z:9dd90e03-82e7-48e6-a94f-233bacd3fd2a" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:04 GMT" + ], + "Content-Length": [ + "2004" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9jODU1MzhjMS1iNTI3LTRjZTQtYmRiNC0xZGFiY2IzZmQ5MGQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:d4c9cfa6-6153-40af-9a1c-4c506aacb8d9" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "cf5e1692-4575-4a67-955b-b80943558df3" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204205Z:cf5e1692-4575-4a67-955b-b80943558df3" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:05 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'c85538c1-b527-4ce4-bdb4-1dabcb3fd90d' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9jODU1MzhjMS1iNTI3LTRjZTQtYmRiNC0xZGFiY2IzZmQ5MGQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11994" + ], + "x-ms-request-id": [ + "westus2:55007329-9b9d-49d1-a39c-bde783983def" + ], + "x-ms-correlation-request-id": [ + "b702849f-9e55-4337-a408-4b1afc2779ec" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204205Z:b702849f-9e55-4337-a408-4b1afc2779ec" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:04 GMT" + ], + "Content-Length": [ + "1155" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9jOTVjNzRkOS0zOGZlLTRmMGQtYWY4Ni0wYzdkNjI2YTMxNWM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:9512a78f-2e63-4990-83ef-f097dab745e1" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11993" + ], + "x-ms-correlation-request-id": [ + "0aa68ab0-e27e-444a-8443-37418c4f9bcd" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204205Z:0aa68ab0-e27e-444a-8443-37418c4f9bcd" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:05 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'c95c74d9-38fe-4f0d-af86-0c7d626a315c' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9jOTVjNzRkOS0zOGZlLTRmMGQtYWY4Ni0wYzdkNjI2YTMxNWM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:9a90a065-0d73-4885-9659-cfadb7f7dc2c" + ], + "x-ms-correlation-request-id": [ + "c64197f8-95b0-4a69-89c4-4323563717df" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204205Z:c64197f8-95b0-4a69-89c4-4323563717df" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:05 GMT" + ], + "Content-Length": [ + "1412" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9jOWMyOTQ5OS1jMWQxLTQxOTUtOTliZC0yZWM5ZTNhOWRjODk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:156e6376-3c48-455b-9e9d-00a85606afc7" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "a4d5562a-0437-424a-9cbe-8a03cf4c5b40" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204205Z:a4d5562a-0437-424a-9cbe-8a03cf4c5b40" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:05 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'c9c29499-c1d1-4195-99bd-2ec9e3a9dc89' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9jOWMyOTQ5OS1jMWQxLTQxOTUtOTliZC0yZWM5ZTNhOWRjODk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11992" + ], + "x-ms-request-id": [ + "westus2:0723966d-6a14-41f9-908a-3727b3920c04" + ], + "x-ms-correlation-request-id": [ + "e0549ab5-dedd-48ac-a466-e602d928ca69" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204205Z:e0549ab5-dedd-48ac-a466-e602d928ca69" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:05 GMT" + ], + "Content-Length": [ + "3613" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9jYjUxMGJmZC0xY2JhLTRkOWYtYTIzMC1jYjA5NzZmNGJiNzE/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:e750465d-d108-4174-a8f6-cb571e5ad088" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "d34d9f14-6846-4cdd-86df-bae48ab6bfe9" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204205Z:d34d9f14-6846-4cdd-86df-bae48ab6bfe9" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:05 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'cb510bfd-1cba-4d9f-a230-cb0976f4bb71' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9jYjUxMGJmZC0xY2JhLTRkOWYtYTIzMC1jYjA5NzZmNGJiNzE/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11993" + ], + "x-ms-request-id": [ + "westus2:3e944a2c-5789-4112-b147-9aed2729535e" + ], + "x-ms-correlation-request-id": [ + "d767a075-5941-4a92-8b4f-3e566e4fd8a3" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204205Z:d767a075-5941-4a92-8b4f-3e566e4fd8a3" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:05 GMT" + ], + "Content-Length": [ + "1256" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9jY2NjMjNjNy04NDI3LTRmNTMtYWQxMi1iNmE2M2ViNDUyYjM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:0051d065-2695-4591-975c-a26e956c858f" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11994" + ], + "x-ms-correlation-request-id": [ + "133fe096-980f-45a9-a269-e20220afc903" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204205Z:133fe096-980f-45a9-a269-e20220afc903" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:05 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'cccc23c7-8427-4f53-ad12-b6a63eb452b3' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9jY2NjMjNjNy04NDI3LTRmNTMtYWQxMi1iNmE2M2ViNDUyYjM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:47a638ee-12c9-47ac-9bcc-f19e8b217e4d" + ], + "x-ms-correlation-request-id": [ + "820d25cb-36e8-403e-aae6-fac84f2985b8" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204206Z:820d25cb-36e8-403e-aae6-fac84f2985b8" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:05 GMT" + ], + "Content-Length": [ + "844" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9jZDhkYzg3OS1hMmFlLTQzYzMtODIxMS0xODc3YzU3NTUwNjQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:c1a62d46-2568-495a-9aa4-82d14ec61225" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "07264849-0db6-4291-9afe-ae31fbc1031d" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204206Z:07264849-0db6-4291-9afe-ae31fbc1031d" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:05 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'cd8dc879-a2ae-43c3-8211-1877c5755064' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9jZDhkYzg3OS1hMmFlLTQzYzMtODIxMS0xODc3YzU3NTUwNjQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11994" + ], + "x-ms-request-id": [ + "westus2:ed10cd00-d3f7-4141-8e16-82b5bb687346" + ], + "x-ms-correlation-request-id": [ + "14ddb01d-36f6-4e8b-a4c4-b8df3b39cf9d" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204206Z:14ddb01d-36f6-4e8b-a4c4-b8df3b39cf9d" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:05 GMT" + ], + "Content-Length": [ + "539" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9jZGJmNzJkOS1hYzljLTQwMjYtOGEzYS00OTFhNWFjNTkyOTM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:450333cc-23cc-4ca0-9b2b-30f21c58f425" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11993" + ], + "x-ms-correlation-request-id": [ + "e21ffc81-7da8-4cb2-b8fe-23d876d2c2a9" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204206Z:e21ffc81-7da8-4cb2-b8fe-23d876d2c2a9" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:05 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'cdbf72d9-ac9c-4026-8a3a-491a5ac59293' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9jZGJmNzJkOS1hYzljLTQwMjYtOGEzYS00OTFhNWFjNTkyOTM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11995" + ], + "x-ms-request-id": [ + "westus2:75af0979-41e4-4e71-8cd8-1fecfbe62a42" + ], + "x-ms-correlation-request-id": [ + "07002c7a-b9da-4d4d-bbbe-510a59b6111e" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204206Z:07002c7a-b9da-4d4d-bbbe-510a59b6111e" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:06 GMT" + ], + "Content-Length": [ + "1388" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9jZjgyMGNhMC1mOTllLTRmM2UtODRmYi02NmU5MTM4MTJkMjE/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:5b6cf3d6-f13d-49f7-8280-181ceef9fb80" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "9b5e6fb1-3438-4176-ae99-695e4db1c942" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204206Z:9b5e6fb1-3438-4176-ae99-695e4db1c942" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:05 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'cf820ca0-f99e-4f3e-84fb-66e913812d21' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9jZjgyMGNhMC1mOTllLTRmM2UtODRmYi02NmU5MTM4MTJkMjE/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:d8ad64f5-22bd-4f52-8c55-221016446986" + ], + "x-ms-correlation-request-id": [ + "5cb15daa-deeb-456f-8fc6-f7dd1c987850" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204206Z:5cb15daa-deeb-456f-8fc6-f7dd1c987850" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:06 GMT" + ], + "Content-Length": [ + "1391" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9kMWNiNDdkYi1iN2ExLTRjNDYtODE0ZS1hYWQxYzBlODRmM2M/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:e367025c-0110-4e8e-9d8d-e12daa505e4c" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "9ddec2b5-4ab2-473d-aa94-2ebd2a34e424" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204206Z:9ddec2b5-4ab2-473d-aa94-2ebd2a34e424" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:05 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'd1cb47db-b7a1-4c46-814e-aad1c0e84f3c' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9kMWNiNDdkYi1iN2ExLTRjNDYtODE0ZS1hYWQxYzBlODRmM2M/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11994" + ], + "x-ms-request-id": [ + "westus2:57ae507a-3b60-4eb3-8055-cabb03e0c393" + ], + "x-ms-correlation-request-id": [ + "5ff596de-6a0c-47ba-a637-3749a0f6183a" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204206Z:5ff596de-6a0c-47ba-a637-3749a0f6183a" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:06 GMT" + ], + "Content-Length": [ + "1242" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9kZDJlYTUyMC02YjA2LTQ1YzMtODA2ZS1lYTI5N2MyM2UwNmE/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:9ca61826-80e8-4c75-9315-dc5bb4fd5c2b" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "02325da7-c343-4f43-943b-13b54f7b4e9c" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204206Z:02325da7-c343-4f43-943b-13b54f7b4e9c" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:06 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'dd2ea520-6b06-45c3-806e-ea297c23e06a' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9kZDJlYTUyMC02YjA2LTQ1YzMtODA2ZS1lYTI5N2MyM2UwNmE/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:f9139d3b-217c-4422-8caf-faf1ad638da3" + ], + "x-ms-correlation-request-id": [ + "803981c4-07ab-415f-81b9-49bfc397491f" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204206Z:803981c4-07ab-415f-81b9-49bfc397491f" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:06 GMT" + ], + "Content-Length": [ + "1259" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/e01598e8-6538-41ed-95e8-8b29746cd697?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9lMDE1OThlOC02NTM4LTQxZWQtOTVlOC04YjI5NzQ2Y2Q2OTc/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:c840b3fa-ad38-47f2-9e40-5c083d4facec" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "e049b9ae-1540-4b66-8d09-76cc79d37694" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204206Z:e049b9ae-1540-4b66-8d09-76cc79d37694" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:06 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'e01598e8-6538-41ed-95e8-8b29746cd697' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/e01598e8-6538-41ed-95e8-8b29746cd697?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9lMDE1OThlOC02NTM4LTQxZWQtOTVlOC04YjI5NzQ2Y2Q2OTc/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:85073421-4a7e-4aeb-ae14-ea08cc7274f1" + ], + "x-ms-correlation-request-id": [ + "c7763f73-8368-435d-8028-d74136737022" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204207Z:c7763f73-8368-435d-8028-d74136737022" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:06 GMT" + ], + "Content-Length": [ + "570" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9lMWU1ZmQ1ZC0zZTRjLTRjZTEtODY2MS03ZDE4NzNhZTZiMTU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:54f239d3-ec76-4075-842e-82bc4dc95ddb" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "d98ba148-3cf8-40b1-8112-e478077c0322" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204207Z:d98ba148-3cf8-40b1-8112-e478077c0322" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:06 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9lMWU1ZmQ1ZC0zZTRjLTRjZTEtODY2MS03ZDE4NzNhZTZiMTU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:b7c160ad-135b-4621-9d90-dec1bb9a583b" + ], + "x-ms-correlation-request-id": [ + "ddf9f91e-1ae2-4195-8b53-1fbf6eb03877" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204207Z:ddf9f91e-1ae2-4195-8b53-1fbf6eb03877" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:06 GMT" + ], + "Content-Length": [ + "1173" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9lMmRkNzk5YS1hOTMyLTRlOWQtYWMxNy1kNDczYmMzYzZjMTA/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:4b1e0c8e-28b0-497b-aa7a-a7d8c45c0f86" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "36ff7e77-9392-4bd2-b85a-8d0c25ab3141" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204207Z:36ff7e77-9392-4bd2-b85a-8d0c25ab3141" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:06 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'e2dd799a-a932-4e9d-ac17-d473bc3c6c10' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9lMmRkNzk5YS1hOTMyLTRlOWQtYWMxNy1kNDczYmMzYzZjMTA/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:e1e1ea68-d435-40a5-9b5f-f1adc6221b1a" + ], + "x-ms-correlation-request-id": [ + "a9cb5e4f-6c4e-4385-ab8f-2fd8d7afdfbf" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204207Z:a9cb5e4f-6c4e-4385-ab8f-2fd8d7afdfbf" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:06 GMT" + ], + "Content-Length": [ + "5390" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/e3576e28-8b17-4677-84c3-db2990658d64?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9lMzU3NmUyOC04YjE3LTQ2NzctODRjMy1kYjI5OTA2NThkNjQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:e3656750-2a02-4350-9853-acf6881cc09b" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "b5814866-0859-4b4d-9ce0-15c046772079" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204207Z:b5814866-0859-4b4d-9ce0-15c046772079" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:07 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'e3576e28-8b17-4677-84c3-db2990658d64' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/e3576e28-8b17-4677-84c3-db2990658d64?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9lMzU3NmUyOC04YjE3LTQ2NzctODRjMy1kYjI5OTA2NThkNjQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:7ecbf250-04a3-47f2-94b3-4419ce1dea5a" + ], + "x-ms-correlation-request-id": [ + "553925e6-087e-45ef-8da6-54aa93ae1468" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204207Z:553925e6-087e-45ef-8da6-54aa93ae1468" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:07 GMT" + ], + "Content-Length": [ + "1160" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9lNTY5NjJhNi00NzQ3LTQ5Y2QtYjY3Yi1iZjhiMDE5NzVjNGM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:ac9b44c4-838a-4573-824e-c12073a45eff" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "d899569e-e369-4284-a802-b3a9a8235bdd" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204207Z:d899569e-e369-4284-a802-b3a9a8235bdd" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:07 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'e56962a6-4747-49cd-b67b-bf8b01975c4c' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9lNTY5NjJhNi00NzQ3LTQ5Y2QtYjY3Yi1iZjhiMDE5NzVjNGM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:dfb003a6-0b21-4599-bf69-12305a42ac81" + ], + "x-ms-correlation-request-id": [ + "74ab6a01-bc81-4b9b-8191-e4a65ab1b540" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204207Z:74ab6a01-bc81-4b9b-8191-e4a65ab1b540" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:06 GMT" + ], + "Content-Length": [ + "1049" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9lNjc2ODdlOC0wOGQ1LTRlN2YtODIyNi01YjQ3NTNiYmEwMDg/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:80bff448-64a8-488f-8cd9-1c463aee9f17" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11992" + ], + "x-ms-correlation-request-id": [ + "cbbeca0f-2cfa-4566-aa00-1dd7f0c3795f" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204208Z:cbbeca0f-2cfa-4566-aa00-1dd7f0c3795f" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:07 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'e67687e8-08d5-4e7f-8226-5b4753bba008' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9lNjc2ODdlOC0wOGQ1LTRlN2YtODIyNi01YjQ3NTNiYmEwMDg/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:cb30ce3c-7cc1-44d1-9ac1-63e132bc2a2b" + ], + "x-ms-correlation-request-id": [ + "87486f77-0d68-4008-928d-b148ffbbbe17" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204208Z:87486f77-0d68-4008-928d-b148ffbbbe17" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:08 GMT" + ], + "Content-Length": [ + "1235" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9lNzY1YjVkZS0xMjI1LTRiYTMtYmQ1Ni0xYWM2Njk1YWY5ODg/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:25ac3e4d-ecb7-4072-9b06-4b7f3a22d26e" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11995" + ], + "x-ms-correlation-request-id": [ + "bddf76ec-df84-438e-a65e-b002bbab9079" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204208Z:bddf76ec-df84-438e-a65e-b002bbab9079" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:07 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'e765b5de-1225-4ba3-bd56-1ac6695af988' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9lNzY1YjVkZS0xMjI1LTRiYTMtYmQ1Ni0xYWM2Njk1YWY5ODg/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:878cf62d-0cba-46bf-aefd-75b733f1ceb6" + ], + "x-ms-correlation-request-id": [ + "429c8923-d54c-456d-ac02-96c7e2c71d83" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204208Z:429c8923-d54c-456d-ac02-96c7e2c71d83" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:07 GMT" + ], + "Content-Length": [ + "908" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9lNzk3Zjg1MS04YmU3LTRjNDAtYmI1Ni0yZTMzOTUyMTViMGU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:a9ad6944-ac8d-4525-8f2b-9334a102c24f" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11995" + ], + "x-ms-correlation-request-id": [ + "b6030618-7eb5-43ea-acd8-21b5ca873baf" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204208Z:b6030618-7eb5-43ea-acd8-21b5ca873baf" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:07 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'e797f851-8be7-4c40-bb56-2e3395215b0e' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9lNzk3Zjg1MS04YmU3LTRjNDAtYmI1Ni0yZTMzOTUyMTViMGU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11993" + ], + "x-ms-request-id": [ + "westus2:b08ee7b3-1835-4815-8c00-3397fb42a44e" + ], + "x-ms-correlation-request-id": [ + "57512d40-92dc-4dbe-9711-49c26a1af9ab" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204208Z:57512d40-92dc-4dbe-9711-49c26a1af9ab" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:07 GMT" + ], + "Content-Length": [ + "1282" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9lOWM4ZDA4NS1kOWNjLTRiMTctOWNkYy0wNTlmMWYwMWYxOWU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:817ae523-6b35-4653-bd03-df94efe2d044" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11991" + ], + "x-ms-correlation-request-id": [ + "04be22c3-fece-4331-bc88-ab786a453472" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204208Z:04be22c3-fece-4331-bc88-ab786a453472" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:08 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'e9c8d085-d9cc-4b17-9cdc-059f1f01f19e' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9lOWM4ZDA4NS1kOWNjLTRiMTctOWNkYy0wNTlmMWYwMWYxOWU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:0c13fc22-8acb-4cdd-aa48-20be4921b76f" + ], + "x-ms-correlation-request-id": [ + "dfcfb775-9062-410a-9ffd-bd9f65ae13d1" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204208Z:dfcfb775-9062-410a-9ffd-bd9f65ae13d1" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:07 GMT" + ], + "Content-Length": [ + "1156" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9lYmI2MmEwYy0zNTYwLTQ5ZTEtODllZC0yN2UwNzRlOWY4YWQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:127d5395-46c6-4748-91a5-c62f09ec680c" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11994" + ], + "x-ms-correlation-request-id": [ + "86153fe5-e755-43c3-a9a9-b60fbf92074f" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204208Z:86153fe5-e755-43c3-a9a9-b60fbf92074f" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:08 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'ebb62a0c-3560-49e1-89ed-27e074e9f8ad' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9lYmI2MmEwYy0zNTYwLTQ5ZTEtODllZC0yN2UwNzRlOWY4YWQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:cf35ad6a-963e-4bde-b3f5-90a54270bf01" + ], + "x-ms-correlation-request-id": [ + "17151aae-3533-482f-b103-640d7a40088a" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204208Z:17151aae-3533-482f-b103-640d7a40088a" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:08 GMT" + ], + "Content-Length": [ + "1175" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/ec49586f-4939-402d-a29e-6ff502b20592?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9lYzQ5NTg2Zi00OTM5LTQwMmQtYTI5ZS02ZmY1MDJiMjA1OTI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:5d23b923-3bbf-4cb7-8cfb-128c94326f50" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "96b2aa79-3b53-4258-b538-c7b7492b3434" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204208Z:96b2aa79-3b53-4258-b538-c7b7492b3434" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:08 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'ec49586f-4939-402d-a29e-6ff502b20592' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/ec49586f-4939-402d-a29e-6ff502b20592?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9lYzQ5NTg2Zi00OTM5LTQwMmQtYTI5ZS02ZmY1MDJiMjA1OTI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11994" + ], + "x-ms-request-id": [ + "westus2:5bc5f94e-27d2-4a04-b4d0-02f3bc4e38c3" + ], + "x-ms-correlation-request-id": [ + "8f38b3d8-1f6e-4279-803c-1caf9d1f04f5" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204208Z:8f38b3d8-1f6e-4279-803c-1caf9d1f04f5" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:08 GMT" + ], + "Content-Length": [ + "3901" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/f0633351-c7b2-41ff-9981-508fc08553c2?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9mMDYzMzM1MS1jN2IyLTQxZmYtOTk4MS01MDhmYzA4NTUzYzI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:6387d55d-1584-4fe4-b856-bb3bba233297" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "74c97bc0-7930-41fe-b34e-27edca9b0e2d" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204209Z:74c97bc0-7930-41fe-b34e-27edca9b0e2d" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:08 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'f0633351-c7b2-41ff-9981-508fc08553c2' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/f0633351-c7b2-41ff-9981-508fc08553c2?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9mMDYzMzM1MS1jN2IyLTQxZmYtOTk4MS01MDhmYzA4NTUzYzI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:7c8d690f-c213-4eb3-8d0d-05a3f031935f" + ], + "x-ms-correlation-request-id": [ + "e36a8948-a906-4836-a52b-75d8c8218c42" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204209Z:e36a8948-a906-4836-a52b-75d8c8218c42" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:08 GMT" + ], + "Content-Length": [ + "4077" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9mMTlhYTFjMS02YjkxLTRjMjctYWU2YS05NzAyNzlmMDNkYjk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:3f60ea6e-f44c-4908-95f6-07b376681d5d" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11993" + ], + "x-ms-correlation-request-id": [ + "aa782fd5-d95d-4249-bdb0-337634385507" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204209Z:aa782fd5-d95d-4249-bdb0-337634385507" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:08 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'f19aa1c1-6b91-4c27-ae6a-970279f03db9' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9mMTlhYTFjMS02YjkxLTRjMjctYWU2YS05NzAyNzlmMDNkYjk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:2ced0c36-af56-4087-ac5d-0f40e8c5b907" + ], + "x-ms-correlation-request-id": [ + "1b91cf99-ac62-41be-a931-194e04d68166" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204209Z:1b91cf99-ac62-41be-a931-194e04d68166" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:09 GMT" + ], + "Content-Length": [ + "3911" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9mNDdiNTU4Mi0zM2VjLTRjNWMtODdjMC1iMDEwYTZiMmU5MTc/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:d86727b2-5c5c-4690-8bc4-dea6f0103c1a" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "0a24c8c1-b207-41cc-8a3e-f3531fa40999" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204209Z:0a24c8c1-b207-41cc-8a3e-f3531fa40999" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:09 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'f47b5582-33ec-4c5c-87c0-b010a6b2e917' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9mNDdiNTU4Mi0zM2VjLTRjNWMtODdjMC1iMDEwYTZiMmU5MTc/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11992" + ], + "x-ms-request-id": [ + "westus2:2dc2e2f0-4e71-402f-b0b5-a8e861c81718" + ], + "x-ms-correlation-request-id": [ + "e9e68c3d-7f1a-4e22-9820-5d2554d0fde9" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204209Z:e9e68c3d-7f1a-4e22-9820-5d2554d0fde9" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:09 GMT" + ], + "Content-Length": [ + "1136" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9mNDgyNmU1Zi02YTI3LTQwN2MtYWUzZS05NTgyZWIzOTg5MWQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:a31e4776-a274-4fe0-ad8e-dd5e6a318a45" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "7fa33dd9-a031-492e-9124-5a76036f57dc" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204209Z:7fa33dd9-a031-492e-9124-5a76036f57dc" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:09 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'f4826e5f-6a27-407c-ae3e-9582eb39891d' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9mNDgyNmU1Zi02YTI3LTQwN2MtYWUzZS05NTgyZWIzOTg5MWQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:d1a6bfb2-b7ae-4918-8bba-2c55d7f307cd" + ], + "x-ms-correlation-request-id": [ + "7231b37d-e45a-46e1-9000-39107a22a7db" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204209Z:7231b37d-e45a-46e1-9000-39107a22a7db" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:09 GMT" + ], + "Content-Length": [ + "902" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9mNDhiMjkxMy0xZGM1LTQ4MzQtOGM3Mi1jY2MxZGZkODE5YmI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:4023f326-8e41-4552-8cb9-b257c6bb951e" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "d5bfbc4c-c50d-422b-b145-9e06d24287de" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204210Z:d5bfbc4c-c50d-422b-b145-9e06d24287de" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:10 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'f48b2913-1dc5-4834-8c72-ccc1dfd819bb' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9mNDhiMjkxMy0xZGM1LTQ4MzQtOGM3Mi1jY2MxZGZkODE5YmI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11994" + ], + "x-ms-request-id": [ + "westus2:b1b507ef-6157-4fe8-9723-70419c39b562" + ], + "x-ms-correlation-request-id": [ + "52d4d6c9-f6c8-4815-8786-41dcb40c2756" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204210Z:52d4d6c9-f6c8-4815-8786-41dcb40c2756" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:10 GMT" + ], + "Content-Length": [ + "1387" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9mNGM2ODQ4NC0xMzJmLTQxZjktOWI2ZC0zZTRiMWNiNTUwMzY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:41b8457d-9718-4c9d-bef3-692397ed5aec" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "ff9f7f40-3391-447c-918f-961b0c79898a" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204210Z:ff9f7f40-3391-447c-918f-961b0c79898a" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:10 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'f4c68484-132f-41f9-9b6d-3e4b1cb55036' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9mNGM2ODQ4NC0xMzJmLTQxZjktOWI2ZC0zZTRiMWNiNTUwMzY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11995" + ], + "x-ms-request-id": [ + "westus2:11d373a0-cb95-4d1c-bddb-8e65e0a8a51e" + ], + "x-ms-correlation-request-id": [ + "fbc03f19-b26c-4a19-bc1f-cb1964b382b5" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204210Z:fbc03f19-b26c-4a19-bc1f-cb1964b382b5" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:10 GMT" + ], + "Content-Length": [ + "4046" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9mODQ1NmMxYy1hYTY2LTRkZmItODYxYS0yNWQxMjdiNzc1Yzk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:2383199c-d4c5-4d4c-b411-01beb14c9f5b" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11995" + ], + "x-ms-correlation-request-id": [ + "81f3f3d4-454e-4a98-b632-58cd683057ea" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204210Z:81f3f3d4-454e-4a98-b632-58cd683057ea" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:10 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'f8456c1c-aa66-4dfb-861a-25d127b775c9' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9mODQ1NmMxYy1hYTY2LTRkZmItODYxYS0yNWQxMjdiNzc1Yzk/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-correlation-request-id": [ + "a03550da-243e-470b-a106-1297347fa451" + ], + "x-ms-request-id": [ + "westus2:51055eb9-42c3-47c2-8b82-d21538786824" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204210Z:a03550da-243e-470b-a106-1297347fa451" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:10 GMT" + ], + "Content-Length": [ + "1134" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9mOGQzNmUyZi0zODliLTRlZTQtODk4ZC0yMWFlYjY5YTBmNDU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:01d07315-3066-4c19-8dbe-8d40897590fa" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "9324a71c-0989-4087-b2f7-c01955d98a19" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204210Z:9324a71c-0989-4087-b2f7-c01955d98a19" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:09 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'f8d36e2f-389b-4ee4-898d-21aeb69a0f45' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9mOGQzNmUyZi0zODliLTRlZTQtODk4ZC0yMWFlYjY5YTBmNDU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:16c40d08-fcdb-4945-9d4e-4f121acce988" + ], + "x-ms-correlation-request-id": [ + "33625261-d072-411b-9504-e70802eda070" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204210Z:33625261-d072-411b-9504-e70802eda070" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:10 GMT" + ], + "Content-Length": [ + "1401" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9mOWJlNTM2OC05YmY1LTRiODQtOWUwYS03ODUwZGE5OGJiNDY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:5fcc8d2e-c0d4-4295-9f5a-689493383d79" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "4ebec9e9-e0f4-4652-b54c-a999743ab95c" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204210Z:4ebec9e9-e0f4-4652-b54c-a999743ab95c" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:10 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'f9be5368-9bf5-4b84-9e0a-7850da98bb46' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9mOWJlNTM2OC05YmY1LTRiODQtOWUwYS03ODUwZGE5OGJiNDY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11996" + ], + "x-ms-request-id": [ + "westus2:ffc0d14b-74db-4c58-a31b-3f36e739a8a9" + ], + "x-ms-correlation-request-id": [ + "89b90cfe-9e64-4804-bef0-11170b86e679" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204210Z:89b90cfe-9e64-4804-bef0-11170b86e679" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:10 GMT" + ], + "Content-Length": [ + "1425" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9mZWU1Y2IyYi05ZDliLTQxMGUtYWZlMy0yOTAyZDkwZDAwMDQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:0500e33e-0c54-4f3f-a526-cca2303335e6" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11993" + ], + "x-ms-correlation-request-id": [ + "577a5d73-ef03-4da9-a971-b4214de375b2" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204211Z:577a5d73-ef03-4da9-a971-b4214de375b2" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:10 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'fee5cb2b-9d9b-410e-afe3-2902d90d0004' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9mZWU1Y2IyYi05ZDliLTQxMGUtYWZlMy0yOTAyZDkwZDAwMDQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11995" + ], + "x-ms-request-id": [ + "westus2:89ab4e30-78f2-46a9-94dd-284142492d08" + ], + "x-ms-correlation-request-id": [ + "c81b3cd2-0af7-4f8c-b67b-bfcdd882fdc9" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204211Z:c81b3cd2-0af7-4f8c-b67b-bfcdd882fdc9" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:11 GMT" + ], + "Content-Length": [ + "2236" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9mZWVkYmY4NC02Yjk5LTQ4OGMtYWNjMi03MWM4MjlhYTVmZmM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:227a95dc-fb31-4916-941e-0c8928d619c5" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "b70e4005-27fe-45ab-b630-a052a64851fe" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204211Z:b70e4005-27fe-45ab-b630-a052a64851fe" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:11 GMT" + ], + "Content-Length": [ + "138" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'feedbf84-6b99-488c-acc2-71c829aa5ffc' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9mZWVkYmY4NC02Yjk5LTQ4OGMtYWNjMi03MWM4MjlhYTVmZmM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11995" + ], + "x-ms-request-id": [ + "westus2:1c8c4d5d-4591-4829-8573-321faedd53fe" + ], + "x-ms-correlation-request-id": [ + "d6d2dae5-a528-4c30-8902-cb8c3f2064b7" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204211Z:d6d2dae5-a528-4c30-8902-cb8c3f2064b7" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:10 GMT" + ], + "Content-Length": [ + "1157" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policysetdefinitions?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucz9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "BuiltinFilterParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-request-id": [ + "westus2:29208ac7-a324-4498-9344-4b647bd5130f" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "5a04af08-f1ff-4c78-89b4-8401d0831e6d" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204211Z:5a04af08-f1ff-4c78-89b4-8401d0831e6d" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:11 GMT" + ], + "Content-Length": [ + "93897" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in IoT Hubs\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in IoT Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in IoT Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInIoTHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Azure Monitor\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains many policies with DeployIfNotExists effect with assignPermissions set at the parameter at the individual policy definition level.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_2\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4755676876307240960\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13418251844728914181\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"12068070188350812865\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8310573323379365078\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"560174196401503668\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"7752708915834271964\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/2476fb6f-011e-4bc4-9d07-ba137949735d\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"2476fb6f-011e-4bc4-9d07-ba137949735d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : No DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains no policies with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFIMAGEIDTOINCLUDE_WINDOWS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_LINUX_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"492067171675640903\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"2492943854376579140\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/351907c4-cd47-4e63-8246-c591645a58d6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"351907c4-cd47-4e63-8246-c591645a58d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cosmosdb new aliases test\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"5701618597132748228\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"9148562625737659571\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1317257300482699336\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"636235743263978372\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6540762518326135304\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"16237668974108817340\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/37501145-d01b-4bc8-92d0-c795a19fd164\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd164\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative containing some definitions with deployIfNotExists effect\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"3301615874834833614\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8044870099827093134\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/471eddb2-9421-4b81-8a25-3a0b849544dd\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"471eddb2-9421-4b81-8a25-3a0b849544dd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6346022531429970426\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgatestinitmultiparam\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"TAGNAME_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name1\"\r\n }\r\n },\r\n \"TAGVALUE_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value1\"\r\n }\r\n },\r\n \"TAGNAME_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name2\"\r\n }\r\n },\r\n \"TAGVALUE_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"7154720483946859542\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_1')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"14987881155449304382\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_2')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/73933cd4-bc06-4e14-8166-3a7109eca21b\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"73933cd4-bc06-4e14-8166-3a7109eca21b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : One DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains one policy with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n },\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": null,\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_WINDOWS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_LINUX_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"12822089530504669560\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"492067171675640903\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"2492943854376579140\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/74016c36-0a9a-436a-8436-291d54eab1a2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"74016c36-0a9a-436a-8436-291d54eab1a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed set\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFALLOWEDSKUS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n },\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"8962248944013962433\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"value\": \"[parameters('LISTOFALLOWEDSKUS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/762007ec-c5ba-41ae-a52d-db0834bea096\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"762007ec-c5ba-41ae-a52d-db0834bea096\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"TestAdditionalResourceType\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4146325350290724164\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Sql/servers/firewallRules\",\r\n \"TrendMicro.DeepSecurity/listCommunicationPreference\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/80894954-5ae1-4391-975d-630e5586d07a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"80894954-5ae1-4391-975d-630e5586d07a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim rt group set\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"1\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"ALLOWEDTYPES_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": null,\r\n \"strongType\": \"resourceTypes\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.EventGrid/domains\",\r\n \"Microsoft.EventGrid/domains/topics\",\r\n \"Microsoft.EventGrid/locations\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"18341726042324576950\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Cdn/checkNameAvailability\",\r\n \"Microsoft.Cdn/checkResourceUsage\",\r\n \"Microsoft.Cdn/profiles\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1359233886895761531\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"value\": \"[parameters('ALLOWEDTYPES_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/82d42e20-f682-48dc-95b1-144f0963f0c1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"82d42e20-f682-48dc-95b1-144f0963f0c1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"tags\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9736595915162791837\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t1\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t1v\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5376449293497609056\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t2\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t2v\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/875cf75e-49c3-47f8-ab8d-89ba3d2311a0\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"875cf75e-49c3-47f8-ab8d-89ba3d2311a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ComplianceTestInitiative\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Compliance test initiative \",\r\n \"metadata\": {\r\n \"category\": \"Compliance test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4047897157028507992\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"4859121137597195236\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"centralus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8935913113203900114\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus2\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/a03db67e-a286-43c3-9098-b2da83d361ad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"a03db67e-a286-43c3-9098-b2da83d361ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : DINE mulitple policies with no role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"storageAccountsResourceGroup\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"661064339838764944\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"parameters\": {\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"rohitbhtest\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/b03bf722-f2a8-4a84-8af6-f43b28b5a917\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"b03bf722-f2a8-4a84-8af6-f43b28b5a917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaparamtest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/c020e9eb-47d4-434a-8627-e202808ed117\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c020e9eb-47d4-434a-8627-e202808ed117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Many DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains many policies with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": null,\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_2\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4755676876307240960\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13418251844728914181\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"12068070188350812865\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8310573323379365078\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"560174196401503668\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"7752708915834271964\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/da84593c-b133-40c2-8524-c79fd38e7450\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7450\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test_sandipsh123\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/db6c5074-a529-4cc8-8882-43f10ef42002\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"db6c5074-a529-4cc8-8882-43f10ef42002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MuratTest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"murat\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ersan\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"testupdate\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ignite\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Initiative with my parameterized effect policy\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"EFFECT_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Initiative effect\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"16025301204423402856\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"audit\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"15232055014610564026\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('EFFECT_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e6884163-54c6-4f5e-9570-9e4cbd95b078\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e6884163-54c6-4f5e-9570-9e4cbd95b078\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6782502132987446742\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9867\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/ps3866\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"ps3866\"\r\n }\r\n ]\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucy8xZjNhZmRmOS1kMGM5LTRjM2QtODQ3Zi04OWRhNjEzZTcwYTg/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:3ea8b8a2-9996-449f-8cf3-c2272b606398" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "ec175d45-f60d-4b43-bed9-0a557705787f" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204213Z:ec175d45-f60d-4b43-bed9-0a557705787f" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:12 GMT" + ], + "Content-Length": [ + "145" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicySetDefinitionNotFound\",\r\n \"message\": \"The policy set definition '1f3afdf9-d0c9-4c3d-847f-89da613e70a8' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucy8xZjNhZmRmOS1kMGM5LTRjM2QtODQ3Zi04OWRhNjEzZTcwYTg/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11995" + ], + "x-ms-request-id": [ + "westus2:a7e108d7-d05c-4b84-b4bd-230ac7271d0f" + ], + "x-ms-correlation-request-id": [ + "f762020f-04c6-4f1d-82d6-80600ac4c2cc" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204213Z:f762020f-04c6-4f1d-82d6-80600ac4c2cc" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:12 GMT" + ], + "Content-Length": [ + "50232" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in IoT Hubs\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in IoT Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in IoT Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInIoTHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policysetdefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucy8yNWVmOWI3Mi00YWYyLTQ1MDEtYWNkMS1mYzgxNGU3M2RkZTE/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:378c73e9-bd19-45b8-bc1c-df18fd6f483e" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "5c7d4430-a2ca-4d30-ad54-442fe22222a5" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204213Z:5c7d4430-a2ca-4d30-ad54-442fe22222a5" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:13 GMT" + ], + "Content-Length": [ + "145" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicySetDefinitionNotFound\",\r\n \"message\": \"The policy set definition '25ef9b72-4af2-4501-acd1-fc814e73dde1' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policysetdefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucy8yNWVmOWI3Mi00YWYyLTQ1MDEtYWNkMS1mYzgxNGU3M2RkZTE/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11991" + ], + "x-ms-request-id": [ + "westus2:39423e9e-1538-4f9a-bd5a-1a011df3d7f8" + ], + "x-ms-correlation-request-id": [ + "93188bc6-5924-4e04-8b67-a2fbd55a9503" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204213Z:93188bc6-5924-4e04-8b67-a2fbd55a9503" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:13 GMT" + ], + "Content-Length": [ + "1361" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policysetdefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucy8zZmE3Y2JmNS1jMGE0LTRhNTktODVhNS1jY2E0ZDk5NmQ1YTY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:9e5196ec-47f2-4cfe-bceb-bd9c0250bccb" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11995" + ], + "x-ms-correlation-request-id": [ + "52029a30-8afe-4625-8d07-4797eda96cae" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204213Z:52029a30-8afe-4625-8d07-4797eda96cae" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:13 GMT" + ], + "Content-Length": [ + "145" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicySetDefinitionNotFound\",\r\n \"message\": \"The policy set definition '3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policysetdefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucy8zZmE3Y2JmNS1jMGE0LTRhNTktODVhNS1jY2E0ZDk5NmQ1YTY/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11992" + ], + "x-ms-request-id": [ + "westus2:6c320684-ed53-41a6-850b-bb0171f10240" + ], + "x-ms-correlation-request-id": [ + "57f044f6-217a-4a35-833e-eef5876743da" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204214Z:57f044f6-217a-4a35-833e-eef5876743da" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:13 GMT" + ], + "Content-Length": [ + "3860" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucy81NWYzZWNlYi01NTczLTRmMTgtOTY5NS0yMjY5NzJjNmQ3NGE/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:7fe40714-5600-4809-bf43-64974b230487" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "b62f8aaa-6c24-4329-ad6b-58ad4cb3b83a" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204214Z:b62f8aaa-6c24-4329-ad6b-58ad4cb3b83a" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:13 GMT" + ], + "Content-Length": [ + "145" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicySetDefinitionNotFound\",\r\n \"message\": \"The policy set definition '55f3eceb-5573-4f18-9695-226972c6d74a' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucy81NWYzZWNlYi01NTczLTRmMTgtOTY5NS0yMjY5NzJjNmQ3NGE/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:504b42a8-d64e-4f38-b560-be68fc5a647e" + ], + "x-ms-correlation-request-id": [ + "ac0f5176-62a1-4f37-8ec3-de865144474a" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204214Z:ac0f5176-62a1-4f37-8ec3-de865144474a" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:13 GMT" + ], + "Content-Length": [ + "3554" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucy83NTcxNDM2Mi1jYWU3LTQwOWUtOWI5OS1hOGU1MDc1YjdmYWQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:9d156721-04a6-456a-9650-11342cfc244b" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "ff1a6a48-de07-4dfb-97f7-3a0fe895990c" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204214Z:ff1a6a48-de07-4dfb-97f7-3a0fe895990c" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:13 GMT" + ], + "Content-Length": [ + "145" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicySetDefinitionNotFound\",\r\n \"message\": \"The policy set definition '75714362-cae7-409e-9b99-a8e5075b7fad' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucy83NTcxNDM2Mi1jYWU3LTQwOWUtOWI5OS1hOGU1MDc1YjdmYWQ/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11997" + ], + "x-ms-request-id": [ + "westus2:e94858a1-0e63-47aa-8300-9e11e66351fa" + ], + "x-ms-correlation-request-id": [ + "f7c34d37-a8b1-4b13-ad08-295e7fa06362" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204214Z:f7c34d37-a8b1-4b13-ad08-295e7fa06362" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:14 GMT" + ], + "Content-Length": [ + "3769" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policysetdefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucy84YmM1NWU2Yi1lOWQ1LTQyNjYtOGRhYy1mNjg4ZDE1MWVjOWM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:5d1fafdf-0af0-4a1c-8168-5db99bbf8f52" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11988" + ], + "x-ms-correlation-request-id": [ + "44e518de-9de5-4225-990e-e0b0ec8d6927" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204214Z:44e518de-9de5-4225-990e-e0b0ec8d6927" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:13 GMT" + ], + "Content-Length": [ + "145" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicySetDefinitionNotFound\",\r\n \"message\": \"The policy set definition '8bc55e6b-e9d5-4266-8dac-f688d151ec9c' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policysetdefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucy84YmM1NWU2Yi1lOWQ1LTQyNjYtOGRhYy1mNjg4ZDE1MWVjOWM/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:af3c93d1-f449-41fd-b636-75ac9a255eba" + ], + "x-ms-correlation-request-id": [ + "e87683bd-f245-4e71-a0e7-9bbacba85fe6" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204214Z:e87683bd-f245-4e71-a0e7-9bbacba85fe6" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:13 GMT" + ], + "Content-Length": [ + "863" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policysetdefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucy85Y2IzY2M3YS1iMzliLTRiODItYmM4OS1lNWE1ZDlmZjdiOTc/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:95ab7281-395e-4633-988b-301b54648f42" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11995" + ], + "x-ms-correlation-request-id": [ + "cf32ae8f-0e6a-48fd-9337-c82ed2509d25" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204214Z:cf32ae8f-0e6a-48fd-9337-c82ed2509d25" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:13 GMT" + ], + "Content-Length": [ + "145" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicySetDefinitionNotFound\",\r\n \"message\": \"The policy set definition '9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policysetdefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucy85Y2IzY2M3YS1iMzliLTRiODItYmM4OS1lNWE1ZDlmZjdiOTc/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11995" + ], + "x-ms-request-id": [ + "westus2:1554fbf0-5c36-4589-b684-08aa304077db" + ], + "x-ms-correlation-request-id": [ + "0d6a0ed3-0e1d-4cab-b33a-a7f6f115ad2d" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204214Z:0d6a0ed3-0e1d-4cab-b33a-a7f6f115ad2d" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:14 GMT" + ], + "Content-Length": [ + "710" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policysetdefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucy9jOTM3ZGNiNC00Mzk4LTRiMzktOGQ2My00YTZiZTQzMjI1MmU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:b356e8e8-f96e-4283-b9f0-efb47bf38d7f" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11995" + ], + "x-ms-correlation-request-id": [ + "8f910670-9be1-48ce-bbc8-7a727cb20bb0" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204214Z:8f910670-9be1-48ce-bbc8-7a727cb20bb0" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:14 GMT" + ], + "Content-Length": [ + "145" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicySetDefinitionNotFound\",\r\n \"message\": \"The policy set definition 'c937dcb4-4398-4b39-8d63-4a6be432252e' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policysetdefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucy9jOTM3ZGNiNC00Mzk4LTRiMzktOGQ2My00YTZiZTQzMjI1MmU/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11994" + ], + "x-ms-request-id": [ + "westus2:947d1264-17c2-4c4d-a40b-ad45d231b7f6" + ], + "x-ms-correlation-request-id": [ + "b27a3fd0-45c0-4381-b6e4-dffa12d82fef" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204214Z:b27a3fd0-45c0-4381-b6e4-dffa12d82fef" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:14 GMT" + ], + "Content-Length": [ + "1237" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policysetdefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucy9kN2ZmZjdlYS05ZDQ3LTQ5NTItYjg1NC1iN2RhMjYxZTQ4ZjI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:6701e00a-ddff-4a94-bcaf-07498b7b5774" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11996" + ], + "x-ms-correlation-request-id": [ + "73ddbfc1-a740-4c61-9821-37434e9986d1" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204215Z:73ddbfc1-a740-4c61-9821-37434e9986d1" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:14 GMT" + ], + "Content-Length": [ + "145" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicySetDefinitionNotFound\",\r\n \"message\": \"The policy set definition 'd7fff7ea-9d47-4952-b854-b7da261e48f2' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policysetdefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucy9kN2ZmZjdlYS05ZDQ3LTQ5NTItYjg1NC1iN2RhMjYxZTQ4ZjI/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11994" + ], + "x-ms-request-id": [ + "westus2:715f0513-eafa-495f-b0d3-953c85caa2c9" + ], + "x-ms-correlation-request-id": [ + "17616a25-648c-42df-8712-940e819a5719" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204215Z:17616a25-648c-42df-8712-940e819a5719" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:14 GMT" + ], + "Content-Length": [ + "1360" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policysetdefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucy9mNDhiY2M3OC01NDAwLTRmYjAtYjkxMy01MTQwYTJlNWZhMjA/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:8156385b-1530-4697-8a0f-386696cf4872" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-correlation-request-id": [ + "5efec3e9-6bd2-41d4-94ef-e6bd3ef59e0a" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204215Z:5efec3e9-6bd2-41d4-94ef-e6bd3ef59e0a" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:14 GMT" + ], + "Content-Length": [ + "145" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicySetDefinitionNotFound\",\r\n \"message\": \"The policy set definition 'f48bcc78-5400-4fb0-b913-5140a2e5fa20' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policysetdefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucy9mNDhiY2M3OC01NDAwLTRmYjAtYjkxMy01MTQwYTJlNWZhMjA/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11995" + ], + "x-ms-request-id": [ + "westus2:5b7ebec7-77d9-4129-a562-8cd1b3059ad5" + ], + "x-ms-correlation-request-id": [ + "729dc697-98c6-4c0f-bcac-6b01d428db14" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T204215Z:729dc697-98c6-4c0f-bcac-6b01d428db14" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 20:42:15 GMT" + ], + "Content-Length": [ + "1251" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n}", + "StatusCode": 200 + } + ], + "Names": {}, + "Variables": { + "SubscriptionId": "d0610b27-9663-4c05-89f8-5b4be01e86a5" + } +} \ No newline at end of file diff --git a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestGetCmdletFilterParameter.json b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestGetCmdletFilterParameter.json new file mode 100644 index 000000000000..cadf475273a2 --- /dev/null +++ b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestGetCmdletFilterParameter.json @@ -0,0 +1,392 @@ +{ + "Entries": [ + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucz9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "BuiltinFilterParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "westus2:15ece314-67dd-4960-950f-1a96ed0d4b9f" + ], + "x-ms-correlation-request-id": [ + "4de82e2a-501e-4198-a1fd-d6b91c527dd5" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T193745Z:4de82e2a-501e-4198-a1fd-d6b91c527dd5" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 19:37:44 GMT" + ], + "Content-Length": [ + "487308" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in IoT Hubs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Internet of Things\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Devices/IotHubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healty\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cheggert: Append VMSS extension\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/virtualMachineProfile\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*].type\",\r\n \"notEquals\": \"GenevaMonitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*]\",\r\n \"value\": {\r\n \"name\": \"Microsoft.Azure.Geneva.GenevaMonitoring\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Geneva\",\r\n \"type\": \"GenevaMonitoring\",\r\n \"typeHandlerVersion\": \"1.8\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/01b105ed-6ded-4a1d-894c-df85fd9351cb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"01b105ed-6ded-4a1d-894c-df85fd9351cb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage_httpsTrafficOnly\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"023217dd-81bb-461f-93ea-8799caac50c7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"This shouldn't work\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This customer's policy is attempting to append multiple tags at once. I expect it will just append one tag with a really long name\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"value\": [\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04183864-11ae-4e7a-aadb-c600e40ed1b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04183864-11ae-4e7a-aadb-c600e40ed1b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Inherit named tag from resource group\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Applies the tag value from the resource group if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[resourcegroup().tags[parameters('tagName')]]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04904947-4d10-4454-9a50-f423d590e11b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04904947-4d10-4454-9a50-f423d590e11b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : AuditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddd96d8-fccd-40cb-81d2-5072a4ed061c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddd96d8-fccd-40cb-81d2-5072a4ed061c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robga-nsgtemplate-test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddfee46-9b63-4313-a529-cfbf968d8118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddfee46-9b63-4313-a529-cfbf968d8118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akif incident - 85944710\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 85944710\\nhttps://icm.ad.msft.net/imp/v3/incidents/details/85944710/home\\n\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af12870bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af12870bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"second attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af1287abe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af1287abe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"chegg: Deploy azsecpack autoupgrade (VMSS)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*].name\",\r\n \"notEquals\": \"Microsoft.Azure.Geneva.GenevaMonitoring\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"Microsoft.Azure.Geneva.GenevaMonitoring\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"GenevaMonitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Geneva\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/enableAutomaticUpgrade\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-10-01\",\r\n \"name\": \"[concat(parameters('vmssName'), '/Microsoft.Azure.Geneva.GenevaMonitoring')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"enableAutomaticUpgrade\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ec05dac-e529-48ef-8c20-f7e6af99a12b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ec05dac-e529-48ef-8c20-f7e6af99a12b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/123c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"123c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim nsg repro\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"fix\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/14ac45e9-df97-455d-b6ee-dd216f15f694\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"14ac45e9-df97-455d-b6ee-dd216f15f694\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim-incident-86226837-fix\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"1 - reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"15358dd8-671e-4c96-be33-2b668791418f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Attempt service bus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logProfiles\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/serviceBusRuleId\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/163c640e-681c-445f-92ba-cd434bd8c11c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"163c640e-681c-445f-92ba-cd434bd8c11c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.zyx\",\r\n \"exists\": \"false\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/17d43473-870f-4bc8-93c6-3961fa1d91cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17d43473-870f-4bc8-93c6-3961fa1d91cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"peterhaugeaudit\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Testing resource group in IfNotExists (not the intent of the original policy, but looks like there's some weirdness here)\\n\\nChanged: Microsoft.Resources/subscriptions/resourceGroups to Microsoft.Resources/resourceGroups\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"name\": \"EnforceServicePrincipalAccessToDevTestLabsResourceGroups\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/19153189-4506-4910-b7bc-756e0188a6f2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"19153189-4506-4910-b7bc-756e0188a6f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit all tags\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"tags\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags\",\r\n \"value\": \"[resourceGroup().tags]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1e3c9312-c011-40a3-ac40-3bf3ddc24120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e3c9312-c011-40a3-ac40-3bf3ddc24120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource group locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Allowed resource group locations\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f20036f-28c3-48f3-9266-05d50fe391f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f20036f-28c3-48f3-9266-05d50fe391f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"docdb_aliases_test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f5360b7-fe59-43f7-8af5-825df420d09c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f5360b7-fe59-43f7-8af5-825df420d09c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ovewrites security rules with IP restrictions at the securityRule level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Limit to one protocol. The most inclusive should come last. I.e. 22;22-22;22-23\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"priority\": {\r\n \"type\": \"int\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[parameters('fullRuleName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-02-01\",\r\n \"properties\": {\r\n \"protocol\": \"*\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[last(parameters('destinationPortRanges'))]\",\r\n \"access\": \"Allow\",\r\n \"direction\": \"Inbound\",\r\n \"priority\": \"[parameters('priority')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[field('Microsoft.Network/networksecurityGroups/securityRules/priority')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"20c4afd0-8a77-4433-b8b0-4ad06e4c7111\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy NSGs on Subnets\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforce that all subnets have a Network Security Group. If a subnet does not have one an NSG with the default Internet Exposed Endpoint restrictions will be created and associated with it.\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string to apply to all automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges must not overlap.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"notEquals\": \"null\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgPrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"nsgName\": \"[concat(parameters('nsgPrefix'), '-', parameters('location'))]\",\r\n \"vnetName\": \"[split(parameters('fullResourceName'), '/')[0]]\",\r\n \"vnetResourceId\": \"[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]\",\r\n \"getVnetDeploymentName\": \"[concat('getVnet-', variables('vnetName'))]\",\r\n \"collectSubnetsDeploymentName\": \"[concat('collectSubnets-', variables('vnetName'))]\",\r\n \"overwriteVnetDeploymentName\": \"[concat('overwriteVnet-', variables('vnetName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vnetProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('vnetResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[variables('nsgName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"securityRules\": [\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Restrict\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from specific IP ranges (either corpnet or SAW)\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3997,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_AllowVnet\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from within the VNET\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"VirtualNetwork\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3998,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Deny\",\r\n \"properties\": {\r\n \"description\": \"Deny any controlled port connections that aren't explicitly allowed in higher priority rules\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 3999,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_AllowAll\",\r\n \"properties\": {\r\n \"description\": \"Allow all inbound traffic that isn't explicitly blocked by Port Lockdown restrictions\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 4000,\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectSubnetsDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_collectSubnets_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"nsgResourceId\": {\r\n \"value\": \"[resourceid('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"dependsOn\": [\r\n \"[variables('nsgName')]\"\r\n ],\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_overwriteVnet_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"updatedSubnets\": {\r\n \"value\": \"[reference(variables('collectSubnetsDeploymentName')).outputs.updatedSubnets.value]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"nsgPrefix\": {\r\n \"value\": \"[parameters('nsgPrefix')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"210ed8bd-6b07-4d5e-a62c-c34f07293288\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit all Microsoft.Web/sites/config/authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/211a466d-b2be-46e8-b029-8c28f566f118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"211a466d-b2be-46e8-b029-8c28f566f118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of a tag2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits that a required tag is present on resources\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"notcontainsKey\": \"[parameters('tagName')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24813039-7534-408a-9842-eb99f45721b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append single location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.locationTest\",\r\n \"value\": \"[parameters('allowedLocation')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin oms vm linux parameterized effect\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"263f13f4-6b88-4788-bead-34beedde70ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere strange alias in field function\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"Tags['asdasd']\",\r\n \"equals\": \"[concat('whatever', 'a')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/26556185-593c-4866-9c0c-114ac0bf6120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26556185-593c-4866-9c0c-114ac0bf6120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test guest assignment\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/28e54a72-2fd7-40d3-afe2-b05423e0147a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"28e54a72-2fd7-40d3-afe2-b05423e0147a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"2nd attempt on this policy. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"notIn\": \"[parameters('allowedLocations')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd60841400\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd60841400\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-combined\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"the combined policy attempt for both cosmos db cases. \",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"locationNames\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd6084180f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd6084180f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage ip rules append 2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.ipRules\",\r\n \"value\": [\r\n {\r\n \"value\": \"8.8.8.8\",\r\n \"action\": \"Allow\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/2b2317a7-ab02-47b5-8159-eb7e6227709f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2b2317a7-ab02-47b5-8159-eb7e6227709f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[demo] Enforce KeyVault diagnostic log storage\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"[tolower(concat('cheggkv', parameters('location')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('cheggremdemo', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/332ce4ac-9200-4573-8c66-92b85fc82c8d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"332ce4ac-9200-4573-8c66-92b85fc82c8d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_enableAutomaticFailover\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/enableAutomaticFailover\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_defaultConsistencyLevel\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/consistencyPolicy.defaultConsistencyLevel\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0b7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_readLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_writeLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_failoverPolicies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd160\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c0df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c0df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL and Managed Instance TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c144\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c144\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services vaults test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"vault\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vault\",\r\n \"description\": \"The Recovery Services Vault.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n },\r\n \"vaults\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vaults\",\r\n \"description\": \"The list of Recovery Services Vaults.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('vault')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('vaults')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b2c1b0f-63c5-4943-8578-6d37fbe411bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b2c1b0f-63c5-4943-8578-6d37fbe411bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b788cf8-ff6f-4075-86a1-ab76270790e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b788cf8-ff6f-4075-86a1-ab76270790e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3cc5820a-cbb8-4977-9c90-d90ced95f12c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3cc5820a-cbb8-4977-9c90-d90ced95f12c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Name should have prefix and suffix\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Name should have prefix and suffix\",\r\n \"parameters\": {\r\n \"prefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The prefix\",\r\n \"description\": \"The name prefix\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"suffix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The suffix\",\r\n \"description\": \"The name suffix.\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('prefix'), '*', parameters('suffix'))]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e275e2e-a157-4ade-8f91-43b3ea370007\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e275e2e-a157-4ade-8f91-43b3ea370007\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Restrict VM skus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Restricts allowed VM skus to a predefined regex\",\r\n \"parameters\": {\r\n \"allowedSkuTemplate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed VM sku template\",\r\n \"description\": \"The VM sku template. Supports wildcards via '*'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"like\": \"[parameters('allowedSkuTemplate')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e34c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e34c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKU\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits the use of storage account SKUs that don't meet organizational cost policy.\",\r\n \"parameters\": {\r\n \"listOfAllowedSkus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of allowed SKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSkus')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e3682\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e3682\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaDataFactoryTest1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"RobgaDataFactoryTest\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataFactory/factories\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/robgatestworkspace/providers/Microsoft.OperationalInsights/workspaces/robgatestworkspace\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce autoUpgrade on VM/VMSS extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies any VM or VMSS extensions that do not have autoUpgradeMinorVersion set to true.\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f772\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f772\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically enabled autoUpgradeMinorVersion on VM extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f783\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f783\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM scale set extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically appends autoUpgradeMinorVersion=true to VMSS extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f7a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f7a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService must use serverFarm\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService serverFarm must have capacity > 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/serverFarms\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/serverFarms/sku.capacity\",\r\n \"in\": [\r\n \"0\",\r\n \"1\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc23\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc23\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Do_Not_Delete\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy is used for unit tests. Please do not delete it.\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4a0425e4-97bf-4ad0-ab36-145b94083c60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny MySQL firewallRules starting with 0\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4b94c320-ce63-4fb6-ba9d-7dbe648b90de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4b94c320-ce63-4fb6-ba9d-7dbe648b90de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83686598\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"deny the creation of storage if supportsHttpsTrafficOnly is false\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"detect 'allow All' NSG rule\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c915617-16f0-4c62-b021-e66d5409d11d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c915617-16f0-4c62-b021-e66d5409d11d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332195\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332199\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332199\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny storage container creation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts/blobServices/containers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4d2f8837-7acb-4488-b580-95960ee3f116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d2f8837-7acb-4488-b580-95960ee3f116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure auto-created NSG rules exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ensures that security rules created in auto-created PortLockdown NSGs are not tampered with\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string applied to automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to in the expected security rule. I.e. 192.4.0.0/8;192.5.0.0/8 or *\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions in the expected security rule\"\r\n }\r\n },\r\n \"priority\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected priority\",\r\n \"description\": \"The priority of the expected security rule.\"\r\n }\r\n },\r\n \"access\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected access\",\r\n \"description\": \"The access (allow/deny) of the expected security rule.\"\r\n },\r\n \"allowedValues\": [\r\n \"Allow\",\r\n \"Deny\"\r\n ]\r\n },\r\n \"name\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected name\",\r\n \"description\": \"The name of the expected security rule.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('nsgPrefix'), '-', field('location'))]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"equals\": \"[parameters('priority')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"[parameters('access')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"name\": {\r\n \"type\": \"string\"\r\n },\r\n \"priority\": {\r\n \"type\": \"string\"\r\n },\r\n \"access\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"isSinglePrefix\": \"[equals(count(parameters('sourceAddressPrefixes')), 1)]\",\r\n \"isSinglePortRange\": \"[equals(count(parameters('destinationPortRanges')), 1)]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('nsgName'), '/', parameters('name'))]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"properties\": {\r\n \"description\": \"Rule auto-created by Internet Exposed Endpoints protection\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[if(variables('isSinglePortRange'), first(parameters('destinationPortRanges')), '')]\",\r\n \"destinationPortRanges\": \"[if(not(variables('isSinglePortRange')), parameters('destinationPortRanges'), json('[]'))]\",\r\n \"sourceAddressPrefix\": \"[if(variables('isSinglePrefix'), first(parameters('sourceAddressPrefixes')), '')]\",\r\n \"sourceAddressPrefixes\": \"[if(not(variables('isSinglePrefix')), parameters('sourceAddressPrefixes'), json('[]'))]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"[parameters('access')]\",\r\n \"priority\": \"[int(parameters('priority'))]\",\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"name\": {\r\n \"value\": \"[parameters('name')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[parameters('priority')]\"\r\n },\r\n \"access\": {\r\n \"value\": \"[parameters('access')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f283ec4-25a9-46df-bbf2-806ed5a3e115\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rs defaultvalue backslash\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Extensions to Exclude\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \".FWD;.GSC;.GSE;.MYD;.MYI;.SMD;.VAC;.BAK;.CHK;.FRM;.LDF;.LOG;.MBX;.MDF;.NDF;.TRN;.UND;.UNF;.UNH;.UNI;.UNQ;.UNS;.VHD;.VMDX;.WCI;.EDB;.SDS\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Paths to Exclude\",\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Sysvol;C:\\\\ProgramData\\\\Microsoft\\\\SharePoint;C:\\\\Program Files\\\\Common Files\\\\Microsoft Shared\\\\Web Server Extensions;C:\\\\Program Files\\\\Operations Manager;C:\\\\Program Files\\\\Microsoft Monitoring Agent;C:\\\\Program Files\\\\Microsoft Office Servers;C:\\\\Program Files\\\\Microsoft System Center 2012 R2\\\\Server;C:\\\\Program Files\\\\System Center Operations Manager;C:\\\\Program Files\\\\System Center Operations Manager 2007;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\NTDS;C:\\\\Windows\\\\System32\\\\LogFiles;C:\\\\Windows\\\\Sysvol;C:\\\\Program Files\\\\Double-Take Software;C:\\\\Program Files\\\\DoubleTake;C:\\\\Program Files\\\\Exchsrvr;C:\\\\Program Files\\\\Ipswitch;C:\\\\Program Files\\\\LogMeIn;C:\\\\Windows\\\\SoftwareDistribution\\\\Datastore;C:\\\\Windows\\\\Temp\\\\Gthrsvc\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Processes to Exclude\",\r\n \"description\": \"Semicolon delimited list of processes to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"HealthService.exe;ManagementService.exe;Microsoft.Mom.Sdk.Service.exe;Microsoft.Mom.ConfigServiceHost.exe;MonitoringHost.exe;pagefile.sys\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable real time protection\",\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Scheduled scans\",\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n },\r\n \"defaultValue\": \"false\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Scheduled Scan Type\",\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n },\r\n \"defaultValue\": \"Quick\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Day of Scheduled Scan\",\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n },\r\n \"defaultValue\": \"7\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Time of Scheduled Scan\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"120\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"value\": \"[parameters('ExclusionsExtensions')]\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"value\": \"[parameters('ExclusionsPaths')]\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"value\": \"[parameters('ExclusionsProcesses')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"[parameters('RealtimeProtectionEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsIsEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsDay')]\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsTime')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50877efd-8dd9-43d5-b4e6-3b70e64311b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50877efd-8dd9-43d5-b4e6-3b70e64311b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy key vault KV_B if key vault KV_A does not exist.\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy will deploy a key vault named KV_B if a key vault named KV_A does not exist.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"KV_B\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-10-01\",\r\n \"name\": \"KV_A\",\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"location\": \"eastus2\",\r\n \"properties\": {\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"sku\": {\r\n \"family\": \"A\",\r\n \"name\": \"standard\"\r\n },\r\n \"accessPolicies\": []\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50e2972e-143c-4edf-9ef6-bee0f84212d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaTestRbac\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Authorization/roleAssignments/principalId\",\r\n \"equals\": \"Admin\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/560482cd-dac5-41e6-9cef-b0aecd6020de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"560482cd-dac5-41e6-9cef-b0aecd6020de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : definition param with assignPermissions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/57ef268f-b414-436a-9894-125a81d80b30\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"57ef268f-b414-436a-9894-125a81d80b30\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhAuditLocation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit if not west us\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5948d091-78b7-4d3b-a404-cc6a0329b0c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5948d091-78b7-4d3b-a404-cc6a0329b0c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"deployifnotexist template alias tests - redis\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/Redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/sku.family\",\r\n \"equals\": \"C\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"Whatever*\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"type\": \"string\"\r\n },\r\n \"nameField\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuFamilyOut\": {\r\n \"value\": \"[parameters('skuFamily')]\",\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPortOut\": {\r\n \"value\": \"[parameters('enableNonSslPort')]\",\r\n \"type\": \"string\"\r\n },\r\n \"nameFieldOut\": {\r\n \"value\": \"[parameters('nameField')]\",\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/sku.family')]\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/enableNonSslPort')]\"\r\n },\r\n \"nameField\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"exists\": \" false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca376\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca376\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86318519\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86318519\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallrules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"AllowAllWindowsAzureIps\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca600\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca600\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"exists\": \"true\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"notIn\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca8d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca8d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Test storage alias\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Test storage alias\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"type\": \"string\"\r\n },\r\n \"encrypt\": {\r\n \"type\": \"string\"\r\n },\r\n \"accessTier\": {\r\n \"type\": \"string\"\r\n },\r\n \"skuName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuNameOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('skuName')]\"\r\n },\r\n \"accessTierOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('accessTier')]\"\r\n },\r\n \"httpsOnlyOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('httpsOnly')]\"\r\n },\r\n \"encryptOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('encrypt')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly')]\"\r\n },\r\n \"encrypt\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/enableBlobEncryption')]\"\r\n },\r\n \"accessTier\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/accessTier')]\"\r\n },\r\n \"skuName\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/sku.name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5fa69139-9a49-464e-90b5-0d243a469138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5fa69139-9a49-464e-90b5-0d243a469138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit costcenter tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"value\": \"[resourceGroup().tags.CostCenter]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6ced0d17-98f3-41e2-8038-08c8f4fb90e3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6ced0d17-98f3-41e2-8038-08c8f4fb90e3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim Apply allowed tag and its default value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"3\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n },\r\n \"allowedValues\": [\r\n \"TagA\",\r\n \"TagB\"\r\n ]\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6d1735de-f3e3-4c40-a8b2-7b3a1042a895\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6d1735de-f3e3-4c40-a8b2-7b3a1042a895\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": null\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"3\"\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"Metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The metric operator.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"The timeAggregation.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"The window size.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"The evaluation frequency.\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The action group id.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('alertNamePrefix'), '*')]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(toLower(parameters('alertNamePrefix')), uniqueString(resourceGroup().id))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6f2c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6f2c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testImageId\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"css\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"contains\": \"resourceGroups/testSandipsh\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/70dc1e8d-61c9-4089-8bf5-895b227c1298\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"70dc1e8d-61c9-4089-8bf5-895b227c1298\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"policyTrackedResources-sdk-tests\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"notIn\": [\r\n \"policyTrackedResources-sdk-tests-rule1\",\r\n \"policyTrackedResources-sdk-tests-rule2\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule1')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule2')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2001,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny if blob is not encrypted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/74d5cf40-7293-46a4-a285-7ea971e3719a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"74d5cf40-7293-46a4-a285-7ea971e3719a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Location restriction\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Policy to force allocations to a set of given locations\",\r\n \"metadata\": {\r\n \"category\": \"cstack\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/763dcd1d-a4a9-46a8-8bd3-357c4533a335\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"763dcd1d-a4a9-46a8-8bd3-357c4533a335\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83577342 deny proxy resource location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/83577342/home\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"eastus\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingjobs/transformations\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/77429b44-aac1-4417-a53e-6900c07e11ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"77429b44-aac1-4417-a53e-6900c07e11ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Block TLS < 1.2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/slots/config\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\r\n \"notEquals\": \"1.2\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/78c5df31-2f05-4f4d-acfe-3e536d88c1bc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"78c5df31-2f05-4f4d-acfe-3e536d88c1bc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny ActiveDirectory administrators\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/administrators/administratorType\",\r\n \"equals\": \"ActiveDirectory\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash weird chars\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR!@#$%^&*()_+=-{}[];:',.<>?~`/;C:\\\\hello\\\\there\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7f4d769f-78db-46eb-ac3c-0b8214f8c245\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f4d769f-78db-46eb-ac3c-0b8214f8c245\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock v2\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/83daa8ee-7c9a-470c-81a8-5a99ac09d134\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83daa8ee-7c9a-470c-81a8-5a99ac09d134\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"northwell.io\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/86cd412c-c557-473b-984c-a5f15cdcb116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86cd412c-c557-473b-984c-a5f15cdcb116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Parameterized effect (if location != eastus)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The policy effect.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"eastus\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"885f1dcb-a9c5-4c8c-8996-2702db44a2d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.xyz\",\r\n \"exists\": false\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8959fd87-c1dd-4831-9034-a4f876bee1cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8959fd87-c1dd-4831-9034-a4f876bee1cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Kubernetes ingress policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Only specified ingress is allowed based on names\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere applicability test 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/whatever\"\r\n },\r\n {\r\n \"field\": \"tags.applicability\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8e6b598c-1a45-404b-97dd-983e37c040da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8e6b598c-1a45-404b-97dd-983e37c040da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_ipRangeFilter\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9012b1cd-b045-46c6-a510-6137e06a009c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elperetest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"value\": \"[resourceGroup().tags['Hyphen-test']]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9389a21b-2134-414a-a579-e9f2709b2131\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9389a21b-2134-414a-a579-e9f2709b2131\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash (array)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": [\r\n \"C:\\\\rs-pkgs\",\r\n \"C:\\\\System Volume Information\\\\DFSR\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/985adbc0-6d2e-448a-ac26-89d3688191d5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"985adbc0-6d2e-448a-ac26-89d3688191d5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github209\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/virtualNetworkRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9a060c03-fda7-4b0a-b4da-15e2b7e4d117\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9a060c03-fda7-4b0a-b4da-15e2b7e4d117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - Subscription Lvl test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Subscriptionlevel auditIfNotExist policy\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a1b067c8-2970-4c0b-b0da-31ae7f33d1de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1b067c8-2970-4c0b-b0da-31ae7f33d1de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Noop\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Don't do anything\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a309ad64-0bae-48d9-a6b1-d99c0b4218b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a309ad64-0bae-48d9-a6b1-d99c0b4218b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyof\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a337c781-c7d8-4e12-ae69-1951c7e74378\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a337c781-c7d8-4e12-ae69-1951c7e74378\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127 - better\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\",\r\n \"Deny\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"81196380\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure https traffic only for storage account\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure https traffic only for storage account\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscription name tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"add subscription name tag\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionname\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionname\",\r\n \"value\": \"[subscription().displayName]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d82a2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d82a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Add subscription \\\"id\\\" tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.id\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.id\",\r\n \"value\": \"[subscription().id]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8339\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8339\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscriptionId tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionId\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionId\",\r\n \"value\": \"[subscription().subscriptionId]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8635\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8635\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaNSGtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/aeb6a524-e3d1-4b8a-afa8-26ae4e291116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aeb6a524-e3d1-4b8a-afa8-26ae4e291116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed Location Indexed\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"hackathon policy\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Allowed-Locations-Indexed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Allowed-Locations-Indexed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if antiMalware extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy audits if the anti malware extension .\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/antiMalwareExtensionExists\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"antiMalwareExtensionExists\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Web socket must be disabled on App Services\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures web sockets are disabled on App Services.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/AppServiceWebSockets\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"AppServiceWebSockets\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure Security Center must be enabled\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures Azure Security Center is enabled.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ASCEnabled\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ASCEnabled\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and it's value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and its value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits if a required extension doesn't exist.\",\r\n \"parameters\": {\r\n \"publisher\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The publisher of the extension\",\r\n \"displayName\": \"Extension Publisher\"\r\n }\r\n },\r\n \"type\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The type of the extension\",\r\n \"displayName\": \"Extension Type\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"[parameters('publisher')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"[parameters('type')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/audit-vm-extension\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"audit-vm-extension\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CanCrudPolicyAssignment Policy Definition $[Auto Test]\",\r\n \"policyType\": \"Custom\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"ResourceProviderTestHost/TestResourceType/TestResourceTypeNestedOne/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/azsmnet6487\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"azsmnet6487\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"89322663 audit diag setting\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"description\": \"The list of resources types to audit for missing diagnostic log settings.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"details\": {\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"equals\": \"true\",\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\"\r\n }\r\n ]\r\n },\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\"\r\n },\r\n \"effect\": \"AuditIfNotExists\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b350b9b0-8ba5-4867-bc9c-63b4544671b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b350b9b0-8ba5-4867-bc9c-63b4544671b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"makharchtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"policy\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b36f6195-0fc5-4a41-bbce-875248400f5f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b36f6195-0fc5-4a41-bbce-875248400f5f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash really long string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b9203c56-0565-434a-a315-87f4da9f21b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b9203c56-0565-434a-a315-87f4da9f21b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"NSG Rules exists test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].protocol\",\r\n \"notLike\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/bb6a78ae-8737-41e0-9c41-cc777c8c00a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bb6a78ae-8737-41e0-9c41-cc777c8c00a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"Category\": \"Flintstones\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/BedrockPolicy\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"BedrockPolicy\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c0f586f1-abe5-4801-8588-7332e49e60c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c0f586f1-abe5-4801-8588-7332e49e60c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"234\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logprofiles\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/logprofiles\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Doublecheck the lifecycle tag policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy refers to tags['Lifecycle'], which with the current implementation of the escaped tags syntax will refer to a tag named 'Lifecycle' (quotes and all). This is a customer policy that would be broken when I switch the meaning of tags['Lifecycle'] to refer simply to a tag named Lifecycle (no quotes)\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['Lifecycle']\",\r\n \"notIn\": [\r\n \"dev\",\r\n \"tst\",\r\n \"stg\",\r\n \"prd\",\r\n \"trn\",\r\n \"prf\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c6be98a9-8108-40aa-b726-d2ae8e2891b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c6be98a9-8108-40aa-b726-d2ae8e2891b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe resource group auditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c7b9982d-2f50-4730-935f-5c241982a441\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c7b9982d-2f50-4730-935f-5c241982a441\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed resource types\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": \"The list of allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('allowedTypes')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c872f951-1c5d-4c61-89dd-aee2350a11ba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8b79b49-a579-4045-984e-1b249ab8b474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8cedfaa-4aa0-465a-8b90-49caf8177158\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8cedfaa-4aa0-465a-8b90-49caf8177158\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere css block NSG changes\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/95894791/home\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"nsgName\",\r\n \"description\": \"The name of the NSG.\"\r\n },\r\n \"defaultValue\": \"nsgName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('nsgName')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"fullName\",\r\n \"like\": \"[concat(parameters('nsgName'), '/*')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ca01432d-4278-45a6-8137-69f2155d2248\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ca01432d-4278-45a6-8137-69f2155d2248\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin empty string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure resource names meet the like condition for a pattern.\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"namePattern\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"namePattern\",\r\n \"description\": \"Pattern to use for names. Can include wildcard (*).\"\r\n },\r\n \"allowedValues\": [\r\n \"\",\r\n \"one\",\r\n \"two\"\r\n ],\r\n \"defaultValue\": \"\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('namePattern')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"camarvin-test-empty-assign\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere append 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.test\",\r\n \"value\": \"1\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny on 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.test\",\r\n \"equals\": \"1\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Resource name contains resource group name\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Require resources to contain the resource group's name\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"notContains\": \"[resourceGroup().name]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/contain-resource-group-name\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"contain-resource-group-name\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v3\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"third attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5002\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-deployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5632\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5632\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce KeyVault diagnostic log storage (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"elperetest\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('elpere', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d0d9349d-843c-443a-9f27-5ce84f08c37e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d0d9349d-843c-443a-9f27-5ce84f08c37e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere template paramters function tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"testing strange array behavior\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"contains\": \"lmao\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"String\"\r\n },\r\n \"dataDisks\": {\r\n \"type\": \"object\"\r\n },\r\n \"osDisk\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmVar\": \"[parameters('vmName')]\",\r\n \"dataDisksVar\": \"[parameters('dataDisks')]\"\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vmNameOut\": {\r\n \"value\": \"[variables('vmVar')]\",\r\n \"type\": \"String\"\r\n },\r\n \"dataDisksOut\": {\r\n \"value\": \"[concat(array(parameters('osDisk')), if(empty(parameters('dataDisks').rawValue), parameters('dataDisks').emptyArray, array(parameters('dataDisks').rawValue)))]\",\r\n \"type\": \"array\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"dataDisks\": {\r\n \"value\": {\r\n \"rawValue\": \"[field('Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.id')]\",\r\n \"emptyArray\": []\r\n }\r\n },\r\n \"osDisk\": {\r\n \"value\": \"[field('Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.id')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d2532053-bf59-4095-a1ae-2b7e4744f119\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d2532053-bf59-4095-a1ae-2b7e4744f119\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Access KV as part of remidiation deployment test (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"hello\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"outputs\": {\r\n \"testSecretOutput\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('testSecret')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"reference\": {\r\n \"keyVault\": {\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/elpere/providers/Microsoft.KeyVault/vaults/elpereKv\"\r\n },\r\n \"secretName\": \"test\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d35ce9be-f51b-4d3e-bc7f-dde2936381b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d35ce9be-f51b-4d3e-bc7f-dde2936381b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - inv\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"inv \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"functionId\": \"subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourcegroups/AKif2WebApp/providers/Microsoft.Logic/workflows/deneme\",\r\n \"payload\": {\r\n \"locations\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d54722e7-4665-47ce-9a82-2f96cebfe238\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d54722e7-4665-47ce-9a82-2f96cebfe238\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - incident - gardner\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"name\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"text\": {\r\n \"type\": \"string\",\r\n \"value\": \"Policy executed for resource [parameters('name')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"name\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d54722e7-4665-47ce-9a82-2f96cebfe353\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d54722e7-4665-47ce-9a82-2f96cebfe353\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs (NSG level)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Overwrites security rules with IP restrictions at the NSG level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges may overlap.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"getNsgDeploymentName\": \"[concat('getNSGContent-', parameters('nsgName'))]\",\r\n \"collectorDeploymentName\": \"[concat('collectRules-', parameters('nsgName'))]\",\r\n \"overwriteNsgDeploymentName\": \"[concat('overwriteNsg-', parameters('nsgName'))]\",\r\n \"nsgResourceId\": \"[resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"nsgProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('nsgResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectorDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_collectRules_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"nsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"portRangesToRestrict\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_overwriteNSG_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"originalNsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"updatedSecurityRules\": {\r\n \"value\": \"[reference(variables('collectorDeploymentName')).outputs.updatedSecurityRules.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d7b13c30-e6aa-47e1-b50a-8e33f152d086\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7126\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e712b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7130\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7135\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e713a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Audited skus\",\r\n \"description\": \"The list of skus.\",\r\n \"strongType\": \"storageSkus\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e90ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e90ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List Of Allowed SKUs\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"vmSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e9170\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e9170\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[elpere] deployIfNotExists Runners test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"deployIfNotExistsTestsRule\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/deployIfNotExistsTestsRule')]\",\r\n \"properties\": {\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbfa9fc0-5202-4001-8759-1aa2387f825b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"allowedOS\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"test_sandipsh\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedWindows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Windows VMs\",\r\n \"description\": \"The list of allowed VMs for Windows.\"\r\n }\r\n },\r\n \"listOfAllowedUbuntus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Ubuntu VMs\",\r\n \"description\": \"The list of allowed VMs for Ubuntu.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/disks\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"Canonical\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"UbuntuServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedUbuntus')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedWindows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services backup policies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"policies\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policies\",\r\n \"description\": \"The list of allowed Recovery Services backup policies.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n },\r\n \"policy\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policy\",\r\n \"description\": \"Allowed Recovery Services backup policy.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('policies')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('policy')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e3f9a624-b17d-4dc8-9649-65814d3241bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3f9a624-b17d-4dc8-9649-65814d3241bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"authSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their logs config\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"logs\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny changing sites authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"defaultValue: all parameters\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"defaultValue\"\r\n },\r\n \"parameters\": {\r\n \"locations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array)\",\r\n \"description\": \"The list of locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": [\r\n \"eastus\",\r\n \"westus\"\r\n ]\r\n },\r\n \"location\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string)\",\r\n \"description\": \"The location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"resourceGroups\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array)\",\r\n \"description\": \"The list of resource groups.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": [\r\n \"camarvin\"\r\n ]\r\n },\r\n \"resourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string)\",\r\n \"description\": \"The resource group.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": \"camarvin\"\r\n },\r\n \"tags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array)\",\r\n \"description\": \"The list of tags.\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"tag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string)\",\r\n \"description\": \"The tag.\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array, av)\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": [\r\n \"eastus\"\r\n ]\r\n },\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string, av)\",\r\n \"description\": \"The allowed location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"allowedStorageSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array, av)\",\r\n \"description\": \"The list of allowed storage SKUs for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ]\r\n },\r\n \"allowedStorageSKU\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string, av)\",\r\n \"description\": \"The allowed storage SKU for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": \"Standard_LRS\"\r\n },\r\n \"allowedTags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array, av)\",\r\n \"description\": \"The list of allowed tags.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ]\r\n },\r\n \"allowedTag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string, av)\",\r\n \"description\": \"The allowed tag.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": \"FirstName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('locations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('resourceGroups')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('resourceGroup')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('tags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('tag')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedStorageSkus')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"Equals\": \"[parameters('allowedStorageSku')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedTags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"NotEquals\": \"[parameters('allowedTag')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ea1688b3-022e-4add-af39-2fe60689a3b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny \\\"Allow All\\\" NSG rules\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies the creation of sourceAddressPrefix=\\\"*\\\", destinationPortRange=\\\"*\\\" NSG security rules\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"PortLockdown_AllowAll\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"notEquals\": \"4000\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github264\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/siteAuthSettings.enabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ef00ee9d-fe45-4d14-8bee-789eea392116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef00ee9d-fe45-4d14-8bee-789eea392116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhTestTagWithHyphen5\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"GokmenhTestTagWithHyphen5\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"value\": \"[resourceGroup().tags['Hyphen-test']]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/f2320be5-23be-4b58-8d8e-08c3044dd60f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f2320be5-23be-4b58-8d8e-08c3044dd60f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy enables you to audit your location.\",\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/LocationAuditDefinition\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"LocationAuditDefinition\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"northeurope\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/policy2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"policy2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps6386\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps6386\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9652\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9652\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9867\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9867\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test policy\",\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testSandipsh.draft\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testSandipsh.draft\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testtest\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"testtest\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testtest\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testtest\"\r\n }\r\n ]\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucz9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "CustomFilterParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:b61abe75-ce33-475c-8a3b-60a2b8df3f7e" + ], + "x-ms-correlation-request-id": [ + "ca065a36-f783-49be-9d7d-a35568d3af13" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T193756Z:ca065a36-f783-49be-9d7d-a35568d3af13" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 19:37:55 GMT" + ], + "Content-Length": [ + "487308" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in IoT Hubs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Internet of Things\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Devices/IotHubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healty\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cheggert: Append VMSS extension\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/virtualMachineProfile\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*].type\",\r\n \"notEquals\": \"GenevaMonitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*]\",\r\n \"value\": {\r\n \"name\": \"Microsoft.Azure.Geneva.GenevaMonitoring\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Geneva\",\r\n \"type\": \"GenevaMonitoring\",\r\n \"typeHandlerVersion\": \"1.8\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/01b105ed-6ded-4a1d-894c-df85fd9351cb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"01b105ed-6ded-4a1d-894c-df85fd9351cb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage_httpsTrafficOnly\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"023217dd-81bb-461f-93ea-8799caac50c7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"This shouldn't work\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This customer's policy is attempting to append multiple tags at once. I expect it will just append one tag with a really long name\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"value\": [\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04183864-11ae-4e7a-aadb-c600e40ed1b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04183864-11ae-4e7a-aadb-c600e40ed1b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Inherit named tag from resource group\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Applies the tag value from the resource group if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[resourcegroup().tags[parameters('tagName')]]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04904947-4d10-4454-9a50-f423d590e11b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04904947-4d10-4454-9a50-f423d590e11b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : AuditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddd96d8-fccd-40cb-81d2-5072a4ed061c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddd96d8-fccd-40cb-81d2-5072a4ed061c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robga-nsgtemplate-test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddfee46-9b63-4313-a529-cfbf968d8118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddfee46-9b63-4313-a529-cfbf968d8118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akif incident - 85944710\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 85944710\\nhttps://icm.ad.msft.net/imp/v3/incidents/details/85944710/home\\n\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af12870bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af12870bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"second attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af1287abe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af1287abe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"chegg: Deploy azsecpack autoupgrade (VMSS)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*].name\",\r\n \"notEquals\": \"Microsoft.Azure.Geneva.GenevaMonitoring\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"Microsoft.Azure.Geneva.GenevaMonitoring\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"GenevaMonitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Geneva\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/enableAutomaticUpgrade\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-10-01\",\r\n \"name\": \"[concat(parameters('vmssName'), '/Microsoft.Azure.Geneva.GenevaMonitoring')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"enableAutomaticUpgrade\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ec05dac-e529-48ef-8c20-f7e6af99a12b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ec05dac-e529-48ef-8c20-f7e6af99a12b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/123c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"123c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim nsg repro\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"fix\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/14ac45e9-df97-455d-b6ee-dd216f15f694\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"14ac45e9-df97-455d-b6ee-dd216f15f694\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim-incident-86226837-fix\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"1 - reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"15358dd8-671e-4c96-be33-2b668791418f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Attempt service bus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logProfiles\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/serviceBusRuleId\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/163c640e-681c-445f-92ba-cd434bd8c11c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"163c640e-681c-445f-92ba-cd434bd8c11c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.zyx\",\r\n \"exists\": \"false\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/17d43473-870f-4bc8-93c6-3961fa1d91cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17d43473-870f-4bc8-93c6-3961fa1d91cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"peterhaugeaudit\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Testing resource group in IfNotExists (not the intent of the original policy, but looks like there's some weirdness here)\\n\\nChanged: Microsoft.Resources/subscriptions/resourceGroups to Microsoft.Resources/resourceGroups\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"name\": \"EnforceServicePrincipalAccessToDevTestLabsResourceGroups\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/19153189-4506-4910-b7bc-756e0188a6f2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"19153189-4506-4910-b7bc-756e0188a6f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit all tags\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"tags\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags\",\r\n \"value\": \"[resourceGroup().tags]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1e3c9312-c011-40a3-ac40-3bf3ddc24120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e3c9312-c011-40a3-ac40-3bf3ddc24120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource group locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Allowed resource group locations\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f20036f-28c3-48f3-9266-05d50fe391f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f20036f-28c3-48f3-9266-05d50fe391f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"docdb_aliases_test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f5360b7-fe59-43f7-8af5-825df420d09c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f5360b7-fe59-43f7-8af5-825df420d09c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ovewrites security rules with IP restrictions at the securityRule level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Limit to one protocol. The most inclusive should come last. I.e. 22;22-22;22-23\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"priority\": {\r\n \"type\": \"int\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[parameters('fullRuleName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-02-01\",\r\n \"properties\": {\r\n \"protocol\": \"*\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[last(parameters('destinationPortRanges'))]\",\r\n \"access\": \"Allow\",\r\n \"direction\": \"Inbound\",\r\n \"priority\": \"[parameters('priority')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[field('Microsoft.Network/networksecurityGroups/securityRules/priority')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"20c4afd0-8a77-4433-b8b0-4ad06e4c7111\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy NSGs on Subnets\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforce that all subnets have a Network Security Group. If a subnet does not have one an NSG with the default Internet Exposed Endpoint restrictions will be created and associated with it.\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string to apply to all automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges must not overlap.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"notEquals\": \"null\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgPrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"nsgName\": \"[concat(parameters('nsgPrefix'), '-', parameters('location'))]\",\r\n \"vnetName\": \"[split(parameters('fullResourceName'), '/')[0]]\",\r\n \"vnetResourceId\": \"[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]\",\r\n \"getVnetDeploymentName\": \"[concat('getVnet-', variables('vnetName'))]\",\r\n \"collectSubnetsDeploymentName\": \"[concat('collectSubnets-', variables('vnetName'))]\",\r\n \"overwriteVnetDeploymentName\": \"[concat('overwriteVnet-', variables('vnetName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vnetProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('vnetResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[variables('nsgName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"securityRules\": [\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Restrict\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from specific IP ranges (either corpnet or SAW)\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3997,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_AllowVnet\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from within the VNET\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"VirtualNetwork\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3998,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Deny\",\r\n \"properties\": {\r\n \"description\": \"Deny any controlled port connections that aren't explicitly allowed in higher priority rules\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 3999,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_AllowAll\",\r\n \"properties\": {\r\n \"description\": \"Allow all inbound traffic that isn't explicitly blocked by Port Lockdown restrictions\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 4000,\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectSubnetsDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_collectSubnets_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"nsgResourceId\": {\r\n \"value\": \"[resourceid('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"dependsOn\": [\r\n \"[variables('nsgName')]\"\r\n ],\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_overwriteVnet_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"updatedSubnets\": {\r\n \"value\": \"[reference(variables('collectSubnetsDeploymentName')).outputs.updatedSubnets.value]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"nsgPrefix\": {\r\n \"value\": \"[parameters('nsgPrefix')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"210ed8bd-6b07-4d5e-a62c-c34f07293288\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit all Microsoft.Web/sites/config/authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/211a466d-b2be-46e8-b029-8c28f566f118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"211a466d-b2be-46e8-b029-8c28f566f118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of a tag2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits that a required tag is present on resources\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"notcontainsKey\": \"[parameters('tagName')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24813039-7534-408a-9842-eb99f45721b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append single location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.locationTest\",\r\n \"value\": \"[parameters('allowedLocation')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin oms vm linux parameterized effect\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"263f13f4-6b88-4788-bead-34beedde70ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere strange alias in field function\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"Tags['asdasd']\",\r\n \"equals\": \"[concat('whatever', 'a')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/26556185-593c-4866-9c0c-114ac0bf6120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26556185-593c-4866-9c0c-114ac0bf6120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test guest assignment\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/28e54a72-2fd7-40d3-afe2-b05423e0147a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"28e54a72-2fd7-40d3-afe2-b05423e0147a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"2nd attempt on this policy. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"notIn\": \"[parameters('allowedLocations')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd60841400\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd60841400\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-combined\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"the combined policy attempt for both cosmos db cases. \",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"locationNames\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd6084180f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd6084180f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage ip rules append 2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.ipRules\",\r\n \"value\": [\r\n {\r\n \"value\": \"8.8.8.8\",\r\n \"action\": \"Allow\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/2b2317a7-ab02-47b5-8159-eb7e6227709f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2b2317a7-ab02-47b5-8159-eb7e6227709f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[demo] Enforce KeyVault diagnostic log storage\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"[tolower(concat('cheggkv', parameters('location')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('cheggremdemo', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/332ce4ac-9200-4573-8c66-92b85fc82c8d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"332ce4ac-9200-4573-8c66-92b85fc82c8d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_enableAutomaticFailover\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/enableAutomaticFailover\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_defaultConsistencyLevel\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/consistencyPolicy.defaultConsistencyLevel\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0b7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_readLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_writeLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_failoverPolicies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd160\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c0df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c0df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL and Managed Instance TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c144\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c144\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services vaults test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"vault\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vault\",\r\n \"description\": \"The Recovery Services Vault.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n },\r\n \"vaults\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vaults\",\r\n \"description\": \"The list of Recovery Services Vaults.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('vault')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('vaults')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b2c1b0f-63c5-4943-8578-6d37fbe411bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b2c1b0f-63c5-4943-8578-6d37fbe411bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b788cf8-ff6f-4075-86a1-ab76270790e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b788cf8-ff6f-4075-86a1-ab76270790e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3cc5820a-cbb8-4977-9c90-d90ced95f12c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3cc5820a-cbb8-4977-9c90-d90ced95f12c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Name should have prefix and suffix\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Name should have prefix and suffix\",\r\n \"parameters\": {\r\n \"prefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The prefix\",\r\n \"description\": \"The name prefix\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"suffix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The suffix\",\r\n \"description\": \"The name suffix.\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('prefix'), '*', parameters('suffix'))]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e275e2e-a157-4ade-8f91-43b3ea370007\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e275e2e-a157-4ade-8f91-43b3ea370007\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Restrict VM skus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Restricts allowed VM skus to a predefined regex\",\r\n \"parameters\": {\r\n \"allowedSkuTemplate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed VM sku template\",\r\n \"description\": \"The VM sku template. Supports wildcards via '*'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"like\": \"[parameters('allowedSkuTemplate')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e34c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e34c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKU\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits the use of storage account SKUs that don't meet organizational cost policy.\",\r\n \"parameters\": {\r\n \"listOfAllowedSkus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of allowed SKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSkus')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e3682\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e3682\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaDataFactoryTest1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"RobgaDataFactoryTest\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataFactory/factories\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/robgatestworkspace/providers/Microsoft.OperationalInsights/workspaces/robgatestworkspace\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce autoUpgrade on VM/VMSS extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies any VM or VMSS extensions that do not have autoUpgradeMinorVersion set to true.\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f772\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f772\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically enabled autoUpgradeMinorVersion on VM extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f783\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f783\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM scale set extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically appends autoUpgradeMinorVersion=true to VMSS extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f7a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f7a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService must use serverFarm\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService serverFarm must have capacity > 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/serverFarms\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/serverFarms/sku.capacity\",\r\n \"in\": [\r\n \"0\",\r\n \"1\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc23\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc23\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Do_Not_Delete\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy is used for unit tests. Please do not delete it.\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4a0425e4-97bf-4ad0-ab36-145b94083c60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny MySQL firewallRules starting with 0\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4b94c320-ce63-4fb6-ba9d-7dbe648b90de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4b94c320-ce63-4fb6-ba9d-7dbe648b90de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83686598\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"deny the creation of storage if supportsHttpsTrafficOnly is false\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"detect 'allow All' NSG rule\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c915617-16f0-4c62-b021-e66d5409d11d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c915617-16f0-4c62-b021-e66d5409d11d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332195\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332199\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332199\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny storage container creation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts/blobServices/containers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4d2f8837-7acb-4488-b580-95960ee3f116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d2f8837-7acb-4488-b580-95960ee3f116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure auto-created NSG rules exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ensures that security rules created in auto-created PortLockdown NSGs are not tampered with\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string applied to automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to in the expected security rule. I.e. 192.4.0.0/8;192.5.0.0/8 or *\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions in the expected security rule\"\r\n }\r\n },\r\n \"priority\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected priority\",\r\n \"description\": \"The priority of the expected security rule.\"\r\n }\r\n },\r\n \"access\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected access\",\r\n \"description\": \"The access (allow/deny) of the expected security rule.\"\r\n },\r\n \"allowedValues\": [\r\n \"Allow\",\r\n \"Deny\"\r\n ]\r\n },\r\n \"name\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected name\",\r\n \"description\": \"The name of the expected security rule.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('nsgPrefix'), '-', field('location'))]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"equals\": \"[parameters('priority')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"[parameters('access')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"name\": {\r\n \"type\": \"string\"\r\n },\r\n \"priority\": {\r\n \"type\": \"string\"\r\n },\r\n \"access\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"isSinglePrefix\": \"[equals(count(parameters('sourceAddressPrefixes')), 1)]\",\r\n \"isSinglePortRange\": \"[equals(count(parameters('destinationPortRanges')), 1)]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('nsgName'), '/', parameters('name'))]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"properties\": {\r\n \"description\": \"Rule auto-created by Internet Exposed Endpoints protection\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[if(variables('isSinglePortRange'), first(parameters('destinationPortRanges')), '')]\",\r\n \"destinationPortRanges\": \"[if(not(variables('isSinglePortRange')), parameters('destinationPortRanges'), json('[]'))]\",\r\n \"sourceAddressPrefix\": \"[if(variables('isSinglePrefix'), first(parameters('sourceAddressPrefixes')), '')]\",\r\n \"sourceAddressPrefixes\": \"[if(not(variables('isSinglePrefix')), parameters('sourceAddressPrefixes'), json('[]'))]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"[parameters('access')]\",\r\n \"priority\": \"[int(parameters('priority'))]\",\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"name\": {\r\n \"value\": \"[parameters('name')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[parameters('priority')]\"\r\n },\r\n \"access\": {\r\n \"value\": \"[parameters('access')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f283ec4-25a9-46df-bbf2-806ed5a3e115\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rs defaultvalue backslash\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Extensions to Exclude\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \".FWD;.GSC;.GSE;.MYD;.MYI;.SMD;.VAC;.BAK;.CHK;.FRM;.LDF;.LOG;.MBX;.MDF;.NDF;.TRN;.UND;.UNF;.UNH;.UNI;.UNQ;.UNS;.VHD;.VMDX;.WCI;.EDB;.SDS\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Paths to Exclude\",\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Sysvol;C:\\\\ProgramData\\\\Microsoft\\\\SharePoint;C:\\\\Program Files\\\\Common Files\\\\Microsoft Shared\\\\Web Server Extensions;C:\\\\Program Files\\\\Operations Manager;C:\\\\Program Files\\\\Microsoft Monitoring Agent;C:\\\\Program Files\\\\Microsoft Office Servers;C:\\\\Program Files\\\\Microsoft System Center 2012 R2\\\\Server;C:\\\\Program Files\\\\System Center Operations Manager;C:\\\\Program Files\\\\System Center Operations Manager 2007;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\NTDS;C:\\\\Windows\\\\System32\\\\LogFiles;C:\\\\Windows\\\\Sysvol;C:\\\\Program Files\\\\Double-Take Software;C:\\\\Program Files\\\\DoubleTake;C:\\\\Program Files\\\\Exchsrvr;C:\\\\Program Files\\\\Ipswitch;C:\\\\Program Files\\\\LogMeIn;C:\\\\Windows\\\\SoftwareDistribution\\\\Datastore;C:\\\\Windows\\\\Temp\\\\Gthrsvc\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Processes to Exclude\",\r\n \"description\": \"Semicolon delimited list of processes to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"HealthService.exe;ManagementService.exe;Microsoft.Mom.Sdk.Service.exe;Microsoft.Mom.ConfigServiceHost.exe;MonitoringHost.exe;pagefile.sys\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable real time protection\",\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Scheduled scans\",\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n },\r\n \"defaultValue\": \"false\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Scheduled Scan Type\",\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n },\r\n \"defaultValue\": \"Quick\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Day of Scheduled Scan\",\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n },\r\n \"defaultValue\": \"7\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Time of Scheduled Scan\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"120\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"value\": \"[parameters('ExclusionsExtensions')]\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"value\": \"[parameters('ExclusionsPaths')]\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"value\": \"[parameters('ExclusionsProcesses')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"[parameters('RealtimeProtectionEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsIsEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsDay')]\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsTime')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50877efd-8dd9-43d5-b4e6-3b70e64311b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50877efd-8dd9-43d5-b4e6-3b70e64311b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy key vault KV_B if key vault KV_A does not exist.\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy will deploy a key vault named KV_B if a key vault named KV_A does not exist.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"KV_B\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-10-01\",\r\n \"name\": \"KV_A\",\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"location\": \"eastus2\",\r\n \"properties\": {\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"sku\": {\r\n \"family\": \"A\",\r\n \"name\": \"standard\"\r\n },\r\n \"accessPolicies\": []\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50e2972e-143c-4edf-9ef6-bee0f84212d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaTestRbac\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Authorization/roleAssignments/principalId\",\r\n \"equals\": \"Admin\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/560482cd-dac5-41e6-9cef-b0aecd6020de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"560482cd-dac5-41e6-9cef-b0aecd6020de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : definition param with assignPermissions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/57ef268f-b414-436a-9894-125a81d80b30\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"57ef268f-b414-436a-9894-125a81d80b30\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhAuditLocation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit if not west us\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5948d091-78b7-4d3b-a404-cc6a0329b0c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5948d091-78b7-4d3b-a404-cc6a0329b0c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"deployifnotexist template alias tests - redis\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/Redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/sku.family\",\r\n \"equals\": \"C\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"Whatever*\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"type\": \"string\"\r\n },\r\n \"nameField\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuFamilyOut\": {\r\n \"value\": \"[parameters('skuFamily')]\",\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPortOut\": {\r\n \"value\": \"[parameters('enableNonSslPort')]\",\r\n \"type\": \"string\"\r\n },\r\n \"nameFieldOut\": {\r\n \"value\": \"[parameters('nameField')]\",\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/sku.family')]\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/enableNonSslPort')]\"\r\n },\r\n \"nameField\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"exists\": \" false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca376\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca376\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86318519\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86318519\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallrules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"AllowAllWindowsAzureIps\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca600\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca600\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"exists\": \"true\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"notIn\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca8d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca8d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Test storage alias\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Test storage alias\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"type\": \"string\"\r\n },\r\n \"encrypt\": {\r\n \"type\": \"string\"\r\n },\r\n \"accessTier\": {\r\n \"type\": \"string\"\r\n },\r\n \"skuName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuNameOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('skuName')]\"\r\n },\r\n \"accessTierOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('accessTier')]\"\r\n },\r\n \"httpsOnlyOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('httpsOnly')]\"\r\n },\r\n \"encryptOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('encrypt')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly')]\"\r\n },\r\n \"encrypt\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/enableBlobEncryption')]\"\r\n },\r\n \"accessTier\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/accessTier')]\"\r\n },\r\n \"skuName\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/sku.name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5fa69139-9a49-464e-90b5-0d243a469138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5fa69139-9a49-464e-90b5-0d243a469138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit costcenter tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"value\": \"[resourceGroup().tags.CostCenter]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6ced0d17-98f3-41e2-8038-08c8f4fb90e3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6ced0d17-98f3-41e2-8038-08c8f4fb90e3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim Apply allowed tag and its default value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"3\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n },\r\n \"allowedValues\": [\r\n \"TagA\",\r\n \"TagB\"\r\n ]\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6d1735de-f3e3-4c40-a8b2-7b3a1042a895\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6d1735de-f3e3-4c40-a8b2-7b3a1042a895\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": null\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"3\"\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"Metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The metric operator.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"The timeAggregation.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"The window size.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"The evaluation frequency.\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The action group id.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('alertNamePrefix'), '*')]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(toLower(parameters('alertNamePrefix')), uniqueString(resourceGroup().id))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6f2c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6f2c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testImageId\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"css\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"contains\": \"resourceGroups/testSandipsh\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/70dc1e8d-61c9-4089-8bf5-895b227c1298\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"70dc1e8d-61c9-4089-8bf5-895b227c1298\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"policyTrackedResources-sdk-tests\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"notIn\": [\r\n \"policyTrackedResources-sdk-tests-rule1\",\r\n \"policyTrackedResources-sdk-tests-rule2\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule1')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule2')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2001,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny if blob is not encrypted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/74d5cf40-7293-46a4-a285-7ea971e3719a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"74d5cf40-7293-46a4-a285-7ea971e3719a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Location restriction\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Policy to force allocations to a set of given locations\",\r\n \"metadata\": {\r\n \"category\": \"cstack\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/763dcd1d-a4a9-46a8-8bd3-357c4533a335\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"763dcd1d-a4a9-46a8-8bd3-357c4533a335\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83577342 deny proxy resource location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/83577342/home\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"eastus\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingjobs/transformations\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/77429b44-aac1-4417-a53e-6900c07e11ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"77429b44-aac1-4417-a53e-6900c07e11ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Block TLS < 1.2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/slots/config\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\r\n \"notEquals\": \"1.2\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/78c5df31-2f05-4f4d-acfe-3e536d88c1bc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"78c5df31-2f05-4f4d-acfe-3e536d88c1bc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny ActiveDirectory administrators\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/administrators/administratorType\",\r\n \"equals\": \"ActiveDirectory\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash weird chars\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR!@#$%^&*()_+=-{}[];:',.<>?~`/;C:\\\\hello\\\\there\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7f4d769f-78db-46eb-ac3c-0b8214f8c245\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f4d769f-78db-46eb-ac3c-0b8214f8c245\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock v2\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/83daa8ee-7c9a-470c-81a8-5a99ac09d134\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83daa8ee-7c9a-470c-81a8-5a99ac09d134\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"northwell.io\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/86cd412c-c557-473b-984c-a5f15cdcb116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86cd412c-c557-473b-984c-a5f15cdcb116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Parameterized effect (if location != eastus)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The policy effect.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"eastus\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"885f1dcb-a9c5-4c8c-8996-2702db44a2d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.xyz\",\r\n \"exists\": false\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8959fd87-c1dd-4831-9034-a4f876bee1cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8959fd87-c1dd-4831-9034-a4f876bee1cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Kubernetes ingress policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Only specified ingress is allowed based on names\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere applicability test 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/whatever\"\r\n },\r\n {\r\n \"field\": \"tags.applicability\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8e6b598c-1a45-404b-97dd-983e37c040da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8e6b598c-1a45-404b-97dd-983e37c040da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_ipRangeFilter\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9012b1cd-b045-46c6-a510-6137e06a009c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elperetest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"value\": \"[resourceGroup().tags['Hyphen-test']]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9389a21b-2134-414a-a579-e9f2709b2131\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9389a21b-2134-414a-a579-e9f2709b2131\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash (array)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": [\r\n \"C:\\\\rs-pkgs\",\r\n \"C:\\\\System Volume Information\\\\DFSR\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/985adbc0-6d2e-448a-ac26-89d3688191d5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"985adbc0-6d2e-448a-ac26-89d3688191d5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github209\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/virtualNetworkRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9a060c03-fda7-4b0a-b4da-15e2b7e4d117\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9a060c03-fda7-4b0a-b4da-15e2b7e4d117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - Subscription Lvl test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Subscriptionlevel auditIfNotExist policy\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a1b067c8-2970-4c0b-b0da-31ae7f33d1de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1b067c8-2970-4c0b-b0da-31ae7f33d1de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Noop\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Don't do anything\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a309ad64-0bae-48d9-a6b1-d99c0b4218b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a309ad64-0bae-48d9-a6b1-d99c0b4218b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyof\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a337c781-c7d8-4e12-ae69-1951c7e74378\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a337c781-c7d8-4e12-ae69-1951c7e74378\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127 - better\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\",\r\n \"Deny\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"81196380\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure https traffic only for storage account\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure https traffic only for storage account\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscription name tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"add subscription name tag\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionname\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionname\",\r\n \"value\": \"[subscription().displayName]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d82a2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d82a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Add subscription \\\"id\\\" tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.id\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.id\",\r\n \"value\": \"[subscription().id]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8339\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8339\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscriptionId tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionId\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionId\",\r\n \"value\": \"[subscription().subscriptionId]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8635\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8635\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaNSGtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/aeb6a524-e3d1-4b8a-afa8-26ae4e291116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aeb6a524-e3d1-4b8a-afa8-26ae4e291116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed Location Indexed\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"hackathon policy\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Allowed-Locations-Indexed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Allowed-Locations-Indexed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if antiMalware extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy audits if the anti malware extension .\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/antiMalwareExtensionExists\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"antiMalwareExtensionExists\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Web socket must be disabled on App Services\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures web sockets are disabled on App Services.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/AppServiceWebSockets\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"AppServiceWebSockets\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure Security Center must be enabled\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures Azure Security Center is enabled.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ASCEnabled\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ASCEnabled\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and it's value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and its value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits if a required extension doesn't exist.\",\r\n \"parameters\": {\r\n \"publisher\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The publisher of the extension\",\r\n \"displayName\": \"Extension Publisher\"\r\n }\r\n },\r\n \"type\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The type of the extension\",\r\n \"displayName\": \"Extension Type\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"[parameters('publisher')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"[parameters('type')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/audit-vm-extension\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"audit-vm-extension\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CanCrudPolicyAssignment Policy Definition $[Auto Test]\",\r\n \"policyType\": \"Custom\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"ResourceProviderTestHost/TestResourceType/TestResourceTypeNestedOne/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/azsmnet6487\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"azsmnet6487\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"89322663 audit diag setting\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"description\": \"The list of resources types to audit for missing diagnostic log settings.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"details\": {\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"equals\": \"true\",\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\"\r\n }\r\n ]\r\n },\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\"\r\n },\r\n \"effect\": \"AuditIfNotExists\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b350b9b0-8ba5-4867-bc9c-63b4544671b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b350b9b0-8ba5-4867-bc9c-63b4544671b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"makharchtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"policy\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b36f6195-0fc5-4a41-bbce-875248400f5f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b36f6195-0fc5-4a41-bbce-875248400f5f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash really long string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b9203c56-0565-434a-a315-87f4da9f21b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b9203c56-0565-434a-a315-87f4da9f21b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"NSG Rules exists test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].protocol\",\r\n \"notLike\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/bb6a78ae-8737-41e0-9c41-cc777c8c00a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bb6a78ae-8737-41e0-9c41-cc777c8c00a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"Category\": \"Flintstones\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/BedrockPolicy\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"BedrockPolicy\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c0f586f1-abe5-4801-8588-7332e49e60c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c0f586f1-abe5-4801-8588-7332e49e60c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"234\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logprofiles\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/logprofiles\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Doublecheck the lifecycle tag policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy refers to tags['Lifecycle'], which with the current implementation of the escaped tags syntax will refer to a tag named 'Lifecycle' (quotes and all). This is a customer policy that would be broken when I switch the meaning of tags['Lifecycle'] to refer simply to a tag named Lifecycle (no quotes)\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['Lifecycle']\",\r\n \"notIn\": [\r\n \"dev\",\r\n \"tst\",\r\n \"stg\",\r\n \"prd\",\r\n \"trn\",\r\n \"prf\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c6be98a9-8108-40aa-b726-d2ae8e2891b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c6be98a9-8108-40aa-b726-d2ae8e2891b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe resource group auditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c7b9982d-2f50-4730-935f-5c241982a441\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c7b9982d-2f50-4730-935f-5c241982a441\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed resource types\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": \"The list of allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('allowedTypes')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c872f951-1c5d-4c61-89dd-aee2350a11ba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8b79b49-a579-4045-984e-1b249ab8b474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8cedfaa-4aa0-465a-8b90-49caf8177158\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8cedfaa-4aa0-465a-8b90-49caf8177158\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere css block NSG changes\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/95894791/home\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"nsgName\",\r\n \"description\": \"The name of the NSG.\"\r\n },\r\n \"defaultValue\": \"nsgName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('nsgName')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"fullName\",\r\n \"like\": \"[concat(parameters('nsgName'), '/*')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ca01432d-4278-45a6-8137-69f2155d2248\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ca01432d-4278-45a6-8137-69f2155d2248\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin empty string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure resource names meet the like condition for a pattern.\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"namePattern\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"namePattern\",\r\n \"description\": \"Pattern to use for names. Can include wildcard (*).\"\r\n },\r\n \"allowedValues\": [\r\n \"\",\r\n \"one\",\r\n \"two\"\r\n ],\r\n \"defaultValue\": \"\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('namePattern')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"camarvin-test-empty-assign\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere append 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.test\",\r\n \"value\": \"1\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny on 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.test\",\r\n \"equals\": \"1\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Resource name contains resource group name\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Require resources to contain the resource group's name\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"notContains\": \"[resourceGroup().name]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/contain-resource-group-name\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"contain-resource-group-name\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v3\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"third attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5002\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-deployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5632\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5632\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce KeyVault diagnostic log storage (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"elperetest\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('elpere', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d0d9349d-843c-443a-9f27-5ce84f08c37e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d0d9349d-843c-443a-9f27-5ce84f08c37e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere template paramters function tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"testing strange array behavior\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"contains\": \"lmao\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"String\"\r\n },\r\n \"dataDisks\": {\r\n \"type\": \"object\"\r\n },\r\n \"osDisk\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmVar\": \"[parameters('vmName')]\",\r\n \"dataDisksVar\": \"[parameters('dataDisks')]\"\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vmNameOut\": {\r\n \"value\": \"[variables('vmVar')]\",\r\n \"type\": \"String\"\r\n },\r\n \"dataDisksOut\": {\r\n \"value\": \"[concat(array(parameters('osDisk')), if(empty(parameters('dataDisks').rawValue), parameters('dataDisks').emptyArray, array(parameters('dataDisks').rawValue)))]\",\r\n \"type\": \"array\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"dataDisks\": {\r\n \"value\": {\r\n \"rawValue\": \"[field('Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.id')]\",\r\n \"emptyArray\": []\r\n }\r\n },\r\n \"osDisk\": {\r\n \"value\": \"[field('Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.id')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d2532053-bf59-4095-a1ae-2b7e4744f119\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d2532053-bf59-4095-a1ae-2b7e4744f119\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Access KV as part of remidiation deployment test (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"hello\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"outputs\": {\r\n \"testSecretOutput\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('testSecret')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"reference\": {\r\n \"keyVault\": {\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/elpere/providers/Microsoft.KeyVault/vaults/elpereKv\"\r\n },\r\n \"secretName\": \"test\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d35ce9be-f51b-4d3e-bc7f-dde2936381b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d35ce9be-f51b-4d3e-bc7f-dde2936381b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - inv\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"inv \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"functionId\": \"subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourcegroups/AKif2WebApp/providers/Microsoft.Logic/workflows/deneme\",\r\n \"payload\": {\r\n \"locations\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d54722e7-4665-47ce-9a82-2f96cebfe238\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d54722e7-4665-47ce-9a82-2f96cebfe238\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - incident - gardner\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"name\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"text\": {\r\n \"type\": \"string\",\r\n \"value\": \"Policy executed for resource [parameters('name')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"name\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d54722e7-4665-47ce-9a82-2f96cebfe353\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d54722e7-4665-47ce-9a82-2f96cebfe353\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs (NSG level)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Overwrites security rules with IP restrictions at the NSG level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges may overlap.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"getNsgDeploymentName\": \"[concat('getNSGContent-', parameters('nsgName'))]\",\r\n \"collectorDeploymentName\": \"[concat('collectRules-', parameters('nsgName'))]\",\r\n \"overwriteNsgDeploymentName\": \"[concat('overwriteNsg-', parameters('nsgName'))]\",\r\n \"nsgResourceId\": \"[resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"nsgProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('nsgResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectorDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_collectRules_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"nsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"portRangesToRestrict\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_overwriteNSG_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"originalNsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"updatedSecurityRules\": {\r\n \"value\": \"[reference(variables('collectorDeploymentName')).outputs.updatedSecurityRules.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d7b13c30-e6aa-47e1-b50a-8e33f152d086\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7126\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e712b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7130\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7135\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e713a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Audited skus\",\r\n \"description\": \"The list of skus.\",\r\n \"strongType\": \"storageSkus\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e90ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e90ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List Of Allowed SKUs\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"vmSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e9170\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e9170\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[elpere] deployIfNotExists Runners test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"deployIfNotExistsTestsRule\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/deployIfNotExistsTestsRule')]\",\r\n \"properties\": {\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbfa9fc0-5202-4001-8759-1aa2387f825b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"allowedOS\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"test_sandipsh\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedWindows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Windows VMs\",\r\n \"description\": \"The list of allowed VMs for Windows.\"\r\n }\r\n },\r\n \"listOfAllowedUbuntus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Ubuntu VMs\",\r\n \"description\": \"The list of allowed VMs for Ubuntu.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/disks\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"Canonical\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"UbuntuServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedUbuntus')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedWindows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services backup policies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"policies\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policies\",\r\n \"description\": \"The list of allowed Recovery Services backup policies.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n },\r\n \"policy\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policy\",\r\n \"description\": \"Allowed Recovery Services backup policy.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('policies')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('policy')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e3f9a624-b17d-4dc8-9649-65814d3241bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3f9a624-b17d-4dc8-9649-65814d3241bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"authSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their logs config\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"logs\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny changing sites authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"defaultValue: all parameters\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"defaultValue\"\r\n },\r\n \"parameters\": {\r\n \"locations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array)\",\r\n \"description\": \"The list of locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": [\r\n \"eastus\",\r\n \"westus\"\r\n ]\r\n },\r\n \"location\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string)\",\r\n \"description\": \"The location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"resourceGroups\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array)\",\r\n \"description\": \"The list of resource groups.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": [\r\n \"camarvin\"\r\n ]\r\n },\r\n \"resourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string)\",\r\n \"description\": \"The resource group.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": \"camarvin\"\r\n },\r\n \"tags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array)\",\r\n \"description\": \"The list of tags.\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"tag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string)\",\r\n \"description\": \"The tag.\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array, av)\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": [\r\n \"eastus\"\r\n ]\r\n },\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string, av)\",\r\n \"description\": \"The allowed location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"allowedStorageSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array, av)\",\r\n \"description\": \"The list of allowed storage SKUs for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ]\r\n },\r\n \"allowedStorageSKU\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string, av)\",\r\n \"description\": \"The allowed storage SKU for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": \"Standard_LRS\"\r\n },\r\n \"allowedTags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array, av)\",\r\n \"description\": \"The list of allowed tags.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ]\r\n },\r\n \"allowedTag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string, av)\",\r\n \"description\": \"The allowed tag.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": \"FirstName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('locations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('resourceGroups')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('resourceGroup')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('tags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('tag')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedStorageSkus')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"Equals\": \"[parameters('allowedStorageSku')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedTags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"NotEquals\": \"[parameters('allowedTag')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ea1688b3-022e-4add-af39-2fe60689a3b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny \\\"Allow All\\\" NSG rules\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies the creation of sourceAddressPrefix=\\\"*\\\", destinationPortRange=\\\"*\\\" NSG security rules\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"PortLockdown_AllowAll\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"notEquals\": \"4000\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github264\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/siteAuthSettings.enabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ef00ee9d-fe45-4d14-8bee-789eea392116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef00ee9d-fe45-4d14-8bee-789eea392116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhTestTagWithHyphen5\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"GokmenhTestTagWithHyphen5\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"value\": \"[resourceGroup().tags['Hyphen-test']]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/f2320be5-23be-4b58-8d8e-08c3044dd60f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f2320be5-23be-4b58-8d8e-08c3044dd60f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy enables you to audit your location.\",\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/LocationAuditDefinition\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"LocationAuditDefinition\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"northeurope\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/policy2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"policy2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps6386\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps6386\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9652\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9652\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9867\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9867\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test policy\",\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testSandipsh.draft\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testSandipsh.draft\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testtest\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"testtest\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testtest\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testtest\"\r\n }\r\n ]\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucz9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "westus2:5117c07f-293c-4d91-9ac1-8c9f54cba89a" + ], + "x-ms-correlation-request-id": [ + "3462cc73-846a-4c4b-ae1a-1a7240c6d155" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T193805Z:3462cc73-846a-4c4b-ae1a-1a7240c6d155" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 19:38:05 GMT" + ], + "Content-Length": [ + "487308" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in IoT Hubs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Internet of Things\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Devices/IotHubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healty\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cheggert: Append VMSS extension\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/virtualMachineProfile\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*].type\",\r\n \"notEquals\": \"GenevaMonitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*]\",\r\n \"value\": {\r\n \"name\": \"Microsoft.Azure.Geneva.GenevaMonitoring\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Geneva\",\r\n \"type\": \"GenevaMonitoring\",\r\n \"typeHandlerVersion\": \"1.8\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/01b105ed-6ded-4a1d-894c-df85fd9351cb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"01b105ed-6ded-4a1d-894c-df85fd9351cb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage_httpsTrafficOnly\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"023217dd-81bb-461f-93ea-8799caac50c7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"This shouldn't work\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This customer's policy is attempting to append multiple tags at once. I expect it will just append one tag with a really long name\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"value\": [\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04183864-11ae-4e7a-aadb-c600e40ed1b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04183864-11ae-4e7a-aadb-c600e40ed1b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Inherit named tag from resource group\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Applies the tag value from the resource group if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[resourcegroup().tags[parameters('tagName')]]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04904947-4d10-4454-9a50-f423d590e11b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04904947-4d10-4454-9a50-f423d590e11b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : AuditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddd96d8-fccd-40cb-81d2-5072a4ed061c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddd96d8-fccd-40cb-81d2-5072a4ed061c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robga-nsgtemplate-test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddfee46-9b63-4313-a529-cfbf968d8118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddfee46-9b63-4313-a529-cfbf968d8118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akif incident - 85944710\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 85944710\\nhttps://icm.ad.msft.net/imp/v3/incidents/details/85944710/home\\n\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af12870bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af12870bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"second attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af1287abe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af1287abe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"chegg: Deploy azsecpack autoupgrade (VMSS)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*].name\",\r\n \"notEquals\": \"Microsoft.Azure.Geneva.GenevaMonitoring\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"Microsoft.Azure.Geneva.GenevaMonitoring\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"GenevaMonitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Geneva\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/enableAutomaticUpgrade\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-10-01\",\r\n \"name\": \"[concat(parameters('vmssName'), '/Microsoft.Azure.Geneva.GenevaMonitoring')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"enableAutomaticUpgrade\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ec05dac-e529-48ef-8c20-f7e6af99a12b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ec05dac-e529-48ef-8c20-f7e6af99a12b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/123c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"123c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim nsg repro\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"fix\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/14ac45e9-df97-455d-b6ee-dd216f15f694\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"14ac45e9-df97-455d-b6ee-dd216f15f694\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim-incident-86226837-fix\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"1 - reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"15358dd8-671e-4c96-be33-2b668791418f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Attempt service bus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logProfiles\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/serviceBusRuleId\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/163c640e-681c-445f-92ba-cd434bd8c11c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"163c640e-681c-445f-92ba-cd434bd8c11c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.zyx\",\r\n \"exists\": \"false\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/17d43473-870f-4bc8-93c6-3961fa1d91cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17d43473-870f-4bc8-93c6-3961fa1d91cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"peterhaugeaudit\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Testing resource group in IfNotExists (not the intent of the original policy, but looks like there's some weirdness here)\\n\\nChanged: Microsoft.Resources/subscriptions/resourceGroups to Microsoft.Resources/resourceGroups\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"name\": \"EnforceServicePrincipalAccessToDevTestLabsResourceGroups\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/19153189-4506-4910-b7bc-756e0188a6f2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"19153189-4506-4910-b7bc-756e0188a6f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit all tags\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"tags\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags\",\r\n \"value\": \"[resourceGroup().tags]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1e3c9312-c011-40a3-ac40-3bf3ddc24120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e3c9312-c011-40a3-ac40-3bf3ddc24120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource group locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Allowed resource group locations\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f20036f-28c3-48f3-9266-05d50fe391f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f20036f-28c3-48f3-9266-05d50fe391f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"docdb_aliases_test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f5360b7-fe59-43f7-8af5-825df420d09c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f5360b7-fe59-43f7-8af5-825df420d09c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ovewrites security rules with IP restrictions at the securityRule level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Limit to one protocol. The most inclusive should come last. I.e. 22;22-22;22-23\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"priority\": {\r\n \"type\": \"int\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[parameters('fullRuleName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-02-01\",\r\n \"properties\": {\r\n \"protocol\": \"*\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[last(parameters('destinationPortRanges'))]\",\r\n \"access\": \"Allow\",\r\n \"direction\": \"Inbound\",\r\n \"priority\": \"[parameters('priority')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[field('Microsoft.Network/networksecurityGroups/securityRules/priority')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"20c4afd0-8a77-4433-b8b0-4ad06e4c7111\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy NSGs on Subnets\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforce that all subnets have a Network Security Group. If a subnet does not have one an NSG with the default Internet Exposed Endpoint restrictions will be created and associated with it.\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string to apply to all automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges must not overlap.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"notEquals\": \"null\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgPrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"nsgName\": \"[concat(parameters('nsgPrefix'), '-', parameters('location'))]\",\r\n \"vnetName\": \"[split(parameters('fullResourceName'), '/')[0]]\",\r\n \"vnetResourceId\": \"[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]\",\r\n \"getVnetDeploymentName\": \"[concat('getVnet-', variables('vnetName'))]\",\r\n \"collectSubnetsDeploymentName\": \"[concat('collectSubnets-', variables('vnetName'))]\",\r\n \"overwriteVnetDeploymentName\": \"[concat('overwriteVnet-', variables('vnetName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vnetProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('vnetResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[variables('nsgName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"securityRules\": [\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Restrict\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from specific IP ranges (either corpnet or SAW)\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3997,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_AllowVnet\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from within the VNET\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"VirtualNetwork\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3998,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Deny\",\r\n \"properties\": {\r\n \"description\": \"Deny any controlled port connections that aren't explicitly allowed in higher priority rules\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 3999,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_AllowAll\",\r\n \"properties\": {\r\n \"description\": \"Allow all inbound traffic that isn't explicitly blocked by Port Lockdown restrictions\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 4000,\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectSubnetsDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_collectSubnets_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"nsgResourceId\": {\r\n \"value\": \"[resourceid('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"dependsOn\": [\r\n \"[variables('nsgName')]\"\r\n ],\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_overwriteVnet_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"updatedSubnets\": {\r\n \"value\": \"[reference(variables('collectSubnetsDeploymentName')).outputs.updatedSubnets.value]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"nsgPrefix\": {\r\n \"value\": \"[parameters('nsgPrefix')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"210ed8bd-6b07-4d5e-a62c-c34f07293288\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit all Microsoft.Web/sites/config/authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/211a466d-b2be-46e8-b029-8c28f566f118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"211a466d-b2be-46e8-b029-8c28f566f118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of a tag2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits that a required tag is present on resources\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"notcontainsKey\": \"[parameters('tagName')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24813039-7534-408a-9842-eb99f45721b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append single location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.locationTest\",\r\n \"value\": \"[parameters('allowedLocation')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin oms vm linux parameterized effect\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"263f13f4-6b88-4788-bead-34beedde70ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere strange alias in field function\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"Tags['asdasd']\",\r\n \"equals\": \"[concat('whatever', 'a')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/26556185-593c-4866-9c0c-114ac0bf6120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26556185-593c-4866-9c0c-114ac0bf6120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test guest assignment\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/28e54a72-2fd7-40d3-afe2-b05423e0147a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"28e54a72-2fd7-40d3-afe2-b05423e0147a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"2nd attempt on this policy. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"notIn\": \"[parameters('allowedLocations')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd60841400\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd60841400\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-combined\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"the combined policy attempt for both cosmos db cases. \",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"locationNames\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd6084180f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd6084180f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage ip rules append 2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.ipRules\",\r\n \"value\": [\r\n {\r\n \"value\": \"8.8.8.8\",\r\n \"action\": \"Allow\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/2b2317a7-ab02-47b5-8159-eb7e6227709f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2b2317a7-ab02-47b5-8159-eb7e6227709f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[demo] Enforce KeyVault diagnostic log storage\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"[tolower(concat('cheggkv', parameters('location')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('cheggremdemo', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/332ce4ac-9200-4573-8c66-92b85fc82c8d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"332ce4ac-9200-4573-8c66-92b85fc82c8d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_enableAutomaticFailover\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/enableAutomaticFailover\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_defaultConsistencyLevel\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/consistencyPolicy.defaultConsistencyLevel\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0b7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_readLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_writeLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_failoverPolicies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd160\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c0df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c0df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL and Managed Instance TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c144\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c144\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services vaults test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"vault\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vault\",\r\n \"description\": \"The Recovery Services Vault.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n },\r\n \"vaults\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vaults\",\r\n \"description\": \"The list of Recovery Services Vaults.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('vault')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('vaults')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b2c1b0f-63c5-4943-8578-6d37fbe411bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b2c1b0f-63c5-4943-8578-6d37fbe411bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b788cf8-ff6f-4075-86a1-ab76270790e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b788cf8-ff6f-4075-86a1-ab76270790e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3cc5820a-cbb8-4977-9c90-d90ced95f12c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3cc5820a-cbb8-4977-9c90-d90ced95f12c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Name should have prefix and suffix\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Name should have prefix and suffix\",\r\n \"parameters\": {\r\n \"prefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The prefix\",\r\n \"description\": \"The name prefix\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"suffix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The suffix\",\r\n \"description\": \"The name suffix.\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('prefix'), '*', parameters('suffix'))]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e275e2e-a157-4ade-8f91-43b3ea370007\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e275e2e-a157-4ade-8f91-43b3ea370007\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Restrict VM skus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Restricts allowed VM skus to a predefined regex\",\r\n \"parameters\": {\r\n \"allowedSkuTemplate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed VM sku template\",\r\n \"description\": \"The VM sku template. Supports wildcards via '*'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"like\": \"[parameters('allowedSkuTemplate')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e34c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e34c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKU\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits the use of storage account SKUs that don't meet organizational cost policy.\",\r\n \"parameters\": {\r\n \"listOfAllowedSkus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of allowed SKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSkus')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e3682\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e3682\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaDataFactoryTest1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"RobgaDataFactoryTest\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataFactory/factories\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/robgatestworkspace/providers/Microsoft.OperationalInsights/workspaces/robgatestworkspace\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce autoUpgrade on VM/VMSS extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies any VM or VMSS extensions that do not have autoUpgradeMinorVersion set to true.\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f772\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f772\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically enabled autoUpgradeMinorVersion on VM extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f783\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f783\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM scale set extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically appends autoUpgradeMinorVersion=true to VMSS extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f7a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f7a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService must use serverFarm\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService serverFarm must have capacity > 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/serverFarms\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/serverFarms/sku.capacity\",\r\n \"in\": [\r\n \"0\",\r\n \"1\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc23\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc23\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Do_Not_Delete\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy is used for unit tests. Please do not delete it.\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4a0425e4-97bf-4ad0-ab36-145b94083c60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny MySQL firewallRules starting with 0\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4b94c320-ce63-4fb6-ba9d-7dbe648b90de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4b94c320-ce63-4fb6-ba9d-7dbe648b90de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83686598\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"deny the creation of storage if supportsHttpsTrafficOnly is false\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"detect 'allow All' NSG rule\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c915617-16f0-4c62-b021-e66d5409d11d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c915617-16f0-4c62-b021-e66d5409d11d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332195\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332199\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332199\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny storage container creation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts/blobServices/containers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4d2f8837-7acb-4488-b580-95960ee3f116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d2f8837-7acb-4488-b580-95960ee3f116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure auto-created NSG rules exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ensures that security rules created in auto-created PortLockdown NSGs are not tampered with\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string applied to automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to in the expected security rule. I.e. 192.4.0.0/8;192.5.0.0/8 or *\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions in the expected security rule\"\r\n }\r\n },\r\n \"priority\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected priority\",\r\n \"description\": \"The priority of the expected security rule.\"\r\n }\r\n },\r\n \"access\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected access\",\r\n \"description\": \"The access (allow/deny) of the expected security rule.\"\r\n },\r\n \"allowedValues\": [\r\n \"Allow\",\r\n \"Deny\"\r\n ]\r\n },\r\n \"name\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected name\",\r\n \"description\": \"The name of the expected security rule.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('nsgPrefix'), '-', field('location'))]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"equals\": \"[parameters('priority')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"[parameters('access')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"name\": {\r\n \"type\": \"string\"\r\n },\r\n \"priority\": {\r\n \"type\": \"string\"\r\n },\r\n \"access\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"isSinglePrefix\": \"[equals(count(parameters('sourceAddressPrefixes')), 1)]\",\r\n \"isSinglePortRange\": \"[equals(count(parameters('destinationPortRanges')), 1)]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('nsgName'), '/', parameters('name'))]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"properties\": {\r\n \"description\": \"Rule auto-created by Internet Exposed Endpoints protection\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[if(variables('isSinglePortRange'), first(parameters('destinationPortRanges')), '')]\",\r\n \"destinationPortRanges\": \"[if(not(variables('isSinglePortRange')), parameters('destinationPortRanges'), json('[]'))]\",\r\n \"sourceAddressPrefix\": \"[if(variables('isSinglePrefix'), first(parameters('sourceAddressPrefixes')), '')]\",\r\n \"sourceAddressPrefixes\": \"[if(not(variables('isSinglePrefix')), parameters('sourceAddressPrefixes'), json('[]'))]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"[parameters('access')]\",\r\n \"priority\": \"[int(parameters('priority'))]\",\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"name\": {\r\n \"value\": \"[parameters('name')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[parameters('priority')]\"\r\n },\r\n \"access\": {\r\n \"value\": \"[parameters('access')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f283ec4-25a9-46df-bbf2-806ed5a3e115\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rs defaultvalue backslash\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Extensions to Exclude\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \".FWD;.GSC;.GSE;.MYD;.MYI;.SMD;.VAC;.BAK;.CHK;.FRM;.LDF;.LOG;.MBX;.MDF;.NDF;.TRN;.UND;.UNF;.UNH;.UNI;.UNQ;.UNS;.VHD;.VMDX;.WCI;.EDB;.SDS\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Paths to Exclude\",\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Sysvol;C:\\\\ProgramData\\\\Microsoft\\\\SharePoint;C:\\\\Program Files\\\\Common Files\\\\Microsoft Shared\\\\Web Server Extensions;C:\\\\Program Files\\\\Operations Manager;C:\\\\Program Files\\\\Microsoft Monitoring Agent;C:\\\\Program Files\\\\Microsoft Office Servers;C:\\\\Program Files\\\\Microsoft System Center 2012 R2\\\\Server;C:\\\\Program Files\\\\System Center Operations Manager;C:\\\\Program Files\\\\System Center Operations Manager 2007;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\NTDS;C:\\\\Windows\\\\System32\\\\LogFiles;C:\\\\Windows\\\\Sysvol;C:\\\\Program Files\\\\Double-Take Software;C:\\\\Program Files\\\\DoubleTake;C:\\\\Program Files\\\\Exchsrvr;C:\\\\Program Files\\\\Ipswitch;C:\\\\Program Files\\\\LogMeIn;C:\\\\Windows\\\\SoftwareDistribution\\\\Datastore;C:\\\\Windows\\\\Temp\\\\Gthrsvc\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Processes to Exclude\",\r\n \"description\": \"Semicolon delimited list of processes to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"HealthService.exe;ManagementService.exe;Microsoft.Mom.Sdk.Service.exe;Microsoft.Mom.ConfigServiceHost.exe;MonitoringHost.exe;pagefile.sys\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable real time protection\",\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Scheduled scans\",\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n },\r\n \"defaultValue\": \"false\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Scheduled Scan Type\",\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n },\r\n \"defaultValue\": \"Quick\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Day of Scheduled Scan\",\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n },\r\n \"defaultValue\": \"7\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Time of Scheduled Scan\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"120\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"value\": \"[parameters('ExclusionsExtensions')]\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"value\": \"[parameters('ExclusionsPaths')]\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"value\": \"[parameters('ExclusionsProcesses')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"[parameters('RealtimeProtectionEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsIsEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsDay')]\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsTime')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50877efd-8dd9-43d5-b4e6-3b70e64311b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50877efd-8dd9-43d5-b4e6-3b70e64311b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy key vault KV_B if key vault KV_A does not exist.\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy will deploy a key vault named KV_B if a key vault named KV_A does not exist.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"KV_B\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-10-01\",\r\n \"name\": \"KV_A\",\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"location\": \"eastus2\",\r\n \"properties\": {\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"sku\": {\r\n \"family\": \"A\",\r\n \"name\": \"standard\"\r\n },\r\n \"accessPolicies\": []\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50e2972e-143c-4edf-9ef6-bee0f84212d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaTestRbac\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Authorization/roleAssignments/principalId\",\r\n \"equals\": \"Admin\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/560482cd-dac5-41e6-9cef-b0aecd6020de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"560482cd-dac5-41e6-9cef-b0aecd6020de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : definition param with assignPermissions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/57ef268f-b414-436a-9894-125a81d80b30\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"57ef268f-b414-436a-9894-125a81d80b30\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhAuditLocation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit if not west us\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5948d091-78b7-4d3b-a404-cc6a0329b0c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5948d091-78b7-4d3b-a404-cc6a0329b0c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"deployifnotexist template alias tests - redis\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/Redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/sku.family\",\r\n \"equals\": \"C\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"Whatever*\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"type\": \"string\"\r\n },\r\n \"nameField\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuFamilyOut\": {\r\n \"value\": \"[parameters('skuFamily')]\",\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPortOut\": {\r\n \"value\": \"[parameters('enableNonSslPort')]\",\r\n \"type\": \"string\"\r\n },\r\n \"nameFieldOut\": {\r\n \"value\": \"[parameters('nameField')]\",\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/sku.family')]\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/enableNonSslPort')]\"\r\n },\r\n \"nameField\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"exists\": \" false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca376\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca376\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86318519\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86318519\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallrules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"AllowAllWindowsAzureIps\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca600\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca600\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"exists\": \"true\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"notIn\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca8d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca8d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Test storage alias\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Test storage alias\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"type\": \"string\"\r\n },\r\n \"encrypt\": {\r\n \"type\": \"string\"\r\n },\r\n \"accessTier\": {\r\n \"type\": \"string\"\r\n },\r\n \"skuName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuNameOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('skuName')]\"\r\n },\r\n \"accessTierOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('accessTier')]\"\r\n },\r\n \"httpsOnlyOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('httpsOnly')]\"\r\n },\r\n \"encryptOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('encrypt')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly')]\"\r\n },\r\n \"encrypt\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/enableBlobEncryption')]\"\r\n },\r\n \"accessTier\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/accessTier')]\"\r\n },\r\n \"skuName\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/sku.name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5fa69139-9a49-464e-90b5-0d243a469138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5fa69139-9a49-464e-90b5-0d243a469138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit costcenter tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"value\": \"[resourceGroup().tags.CostCenter]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6ced0d17-98f3-41e2-8038-08c8f4fb90e3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6ced0d17-98f3-41e2-8038-08c8f4fb90e3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim Apply allowed tag and its default value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"3\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n },\r\n \"allowedValues\": [\r\n \"TagA\",\r\n \"TagB\"\r\n ]\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6d1735de-f3e3-4c40-a8b2-7b3a1042a895\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6d1735de-f3e3-4c40-a8b2-7b3a1042a895\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": null\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"3\"\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"Metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The metric operator.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"The timeAggregation.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"The window size.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"The evaluation frequency.\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The action group id.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('alertNamePrefix'), '*')]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(toLower(parameters('alertNamePrefix')), uniqueString(resourceGroup().id))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6f2c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6f2c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testImageId\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"css\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"contains\": \"resourceGroups/testSandipsh\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/70dc1e8d-61c9-4089-8bf5-895b227c1298\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"70dc1e8d-61c9-4089-8bf5-895b227c1298\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"policyTrackedResources-sdk-tests\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"notIn\": [\r\n \"policyTrackedResources-sdk-tests-rule1\",\r\n \"policyTrackedResources-sdk-tests-rule2\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule1')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule2')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2001,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny if blob is not encrypted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/74d5cf40-7293-46a4-a285-7ea971e3719a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"74d5cf40-7293-46a4-a285-7ea971e3719a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Location restriction\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Policy to force allocations to a set of given locations\",\r\n \"metadata\": {\r\n \"category\": \"cstack\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/763dcd1d-a4a9-46a8-8bd3-357c4533a335\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"763dcd1d-a4a9-46a8-8bd3-357c4533a335\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83577342 deny proxy resource location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/83577342/home\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"eastus\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingjobs/transformations\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/77429b44-aac1-4417-a53e-6900c07e11ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"77429b44-aac1-4417-a53e-6900c07e11ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Block TLS < 1.2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/slots/config\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\r\n \"notEquals\": \"1.2\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/78c5df31-2f05-4f4d-acfe-3e536d88c1bc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"78c5df31-2f05-4f4d-acfe-3e536d88c1bc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny ActiveDirectory administrators\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/administrators/administratorType\",\r\n \"equals\": \"ActiveDirectory\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash weird chars\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR!@#$%^&*()_+=-{}[];:',.<>?~`/;C:\\\\hello\\\\there\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7f4d769f-78db-46eb-ac3c-0b8214f8c245\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f4d769f-78db-46eb-ac3c-0b8214f8c245\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock v2\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/83daa8ee-7c9a-470c-81a8-5a99ac09d134\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83daa8ee-7c9a-470c-81a8-5a99ac09d134\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"northwell.io\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/86cd412c-c557-473b-984c-a5f15cdcb116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86cd412c-c557-473b-984c-a5f15cdcb116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Parameterized effect (if location != eastus)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The policy effect.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"eastus\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"885f1dcb-a9c5-4c8c-8996-2702db44a2d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.xyz\",\r\n \"exists\": false\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8959fd87-c1dd-4831-9034-a4f876bee1cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8959fd87-c1dd-4831-9034-a4f876bee1cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Kubernetes ingress policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Only specified ingress is allowed based on names\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere applicability test 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/whatever\"\r\n },\r\n {\r\n \"field\": \"tags.applicability\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8e6b598c-1a45-404b-97dd-983e37c040da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8e6b598c-1a45-404b-97dd-983e37c040da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_ipRangeFilter\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9012b1cd-b045-46c6-a510-6137e06a009c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elperetest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"value\": \"[resourceGroup().tags['Hyphen-test']]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9389a21b-2134-414a-a579-e9f2709b2131\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9389a21b-2134-414a-a579-e9f2709b2131\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash (array)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": [\r\n \"C:\\\\rs-pkgs\",\r\n \"C:\\\\System Volume Information\\\\DFSR\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/985adbc0-6d2e-448a-ac26-89d3688191d5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"985adbc0-6d2e-448a-ac26-89d3688191d5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github209\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/virtualNetworkRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9a060c03-fda7-4b0a-b4da-15e2b7e4d117\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9a060c03-fda7-4b0a-b4da-15e2b7e4d117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - Subscription Lvl test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Subscriptionlevel auditIfNotExist policy\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a1b067c8-2970-4c0b-b0da-31ae7f33d1de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1b067c8-2970-4c0b-b0da-31ae7f33d1de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Noop\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Don't do anything\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a309ad64-0bae-48d9-a6b1-d99c0b4218b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a309ad64-0bae-48d9-a6b1-d99c0b4218b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyof\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a337c781-c7d8-4e12-ae69-1951c7e74378\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a337c781-c7d8-4e12-ae69-1951c7e74378\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127 - better\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\",\r\n \"Deny\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"81196380\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure https traffic only for storage account\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure https traffic only for storage account\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscription name tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"add subscription name tag\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionname\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionname\",\r\n \"value\": \"[subscription().displayName]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d82a2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d82a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Add subscription \\\"id\\\" tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.id\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.id\",\r\n \"value\": \"[subscription().id]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8339\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8339\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscriptionId tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionId\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionId\",\r\n \"value\": \"[subscription().subscriptionId]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8635\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8635\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaNSGtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/aeb6a524-e3d1-4b8a-afa8-26ae4e291116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aeb6a524-e3d1-4b8a-afa8-26ae4e291116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed Location Indexed\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"hackathon policy\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Allowed-Locations-Indexed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Allowed-Locations-Indexed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if antiMalware extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy audits if the anti malware extension .\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/antiMalwareExtensionExists\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"antiMalwareExtensionExists\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Web socket must be disabled on App Services\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures web sockets are disabled on App Services.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/AppServiceWebSockets\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"AppServiceWebSockets\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure Security Center must be enabled\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures Azure Security Center is enabled.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ASCEnabled\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ASCEnabled\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and it's value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and its value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits if a required extension doesn't exist.\",\r\n \"parameters\": {\r\n \"publisher\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The publisher of the extension\",\r\n \"displayName\": \"Extension Publisher\"\r\n }\r\n },\r\n \"type\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The type of the extension\",\r\n \"displayName\": \"Extension Type\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"[parameters('publisher')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"[parameters('type')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/audit-vm-extension\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"audit-vm-extension\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CanCrudPolicyAssignment Policy Definition $[Auto Test]\",\r\n \"policyType\": \"Custom\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"ResourceProviderTestHost/TestResourceType/TestResourceTypeNestedOne/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/azsmnet6487\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"azsmnet6487\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"89322663 audit diag setting\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"description\": \"The list of resources types to audit for missing diagnostic log settings.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"details\": {\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"equals\": \"true\",\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\"\r\n }\r\n ]\r\n },\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\"\r\n },\r\n \"effect\": \"AuditIfNotExists\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b350b9b0-8ba5-4867-bc9c-63b4544671b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b350b9b0-8ba5-4867-bc9c-63b4544671b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"makharchtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"policy\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b36f6195-0fc5-4a41-bbce-875248400f5f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b36f6195-0fc5-4a41-bbce-875248400f5f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash really long string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b9203c56-0565-434a-a315-87f4da9f21b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b9203c56-0565-434a-a315-87f4da9f21b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"NSG Rules exists test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].protocol\",\r\n \"notLike\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/bb6a78ae-8737-41e0-9c41-cc777c8c00a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bb6a78ae-8737-41e0-9c41-cc777c8c00a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"Category\": \"Flintstones\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/BedrockPolicy\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"BedrockPolicy\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c0f586f1-abe5-4801-8588-7332e49e60c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c0f586f1-abe5-4801-8588-7332e49e60c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"234\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logprofiles\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/logprofiles\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Doublecheck the lifecycle tag policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy refers to tags['Lifecycle'], which with the current implementation of the escaped tags syntax will refer to a tag named 'Lifecycle' (quotes and all). This is a customer policy that would be broken when I switch the meaning of tags['Lifecycle'] to refer simply to a tag named Lifecycle (no quotes)\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['Lifecycle']\",\r\n \"notIn\": [\r\n \"dev\",\r\n \"tst\",\r\n \"stg\",\r\n \"prd\",\r\n \"trn\",\r\n \"prf\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c6be98a9-8108-40aa-b726-d2ae8e2891b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c6be98a9-8108-40aa-b726-d2ae8e2891b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe resource group auditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c7b9982d-2f50-4730-935f-5c241982a441\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c7b9982d-2f50-4730-935f-5c241982a441\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed resource types\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": \"The list of allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('allowedTypes')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c872f951-1c5d-4c61-89dd-aee2350a11ba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8b79b49-a579-4045-984e-1b249ab8b474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8cedfaa-4aa0-465a-8b90-49caf8177158\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8cedfaa-4aa0-465a-8b90-49caf8177158\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere css block NSG changes\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/95894791/home\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"nsgName\",\r\n \"description\": \"The name of the NSG.\"\r\n },\r\n \"defaultValue\": \"nsgName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('nsgName')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"fullName\",\r\n \"like\": \"[concat(parameters('nsgName'), '/*')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ca01432d-4278-45a6-8137-69f2155d2248\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ca01432d-4278-45a6-8137-69f2155d2248\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin empty string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure resource names meet the like condition for a pattern.\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"namePattern\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"namePattern\",\r\n \"description\": \"Pattern to use for names. Can include wildcard (*).\"\r\n },\r\n \"allowedValues\": [\r\n \"\",\r\n \"one\",\r\n \"two\"\r\n ],\r\n \"defaultValue\": \"\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('namePattern')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"camarvin-test-empty-assign\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere append 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.test\",\r\n \"value\": \"1\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny on 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.test\",\r\n \"equals\": \"1\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Resource name contains resource group name\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Require resources to contain the resource group's name\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"notContains\": \"[resourceGroup().name]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/contain-resource-group-name\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"contain-resource-group-name\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v3\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"third attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5002\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-deployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5632\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5632\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce KeyVault diagnostic log storage (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"elperetest\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('elpere', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d0d9349d-843c-443a-9f27-5ce84f08c37e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d0d9349d-843c-443a-9f27-5ce84f08c37e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere template paramters function tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"testing strange array behavior\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"contains\": \"lmao\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"String\"\r\n },\r\n \"dataDisks\": {\r\n \"type\": \"object\"\r\n },\r\n \"osDisk\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmVar\": \"[parameters('vmName')]\",\r\n \"dataDisksVar\": \"[parameters('dataDisks')]\"\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vmNameOut\": {\r\n \"value\": \"[variables('vmVar')]\",\r\n \"type\": \"String\"\r\n },\r\n \"dataDisksOut\": {\r\n \"value\": \"[concat(array(parameters('osDisk')), if(empty(parameters('dataDisks').rawValue), parameters('dataDisks').emptyArray, array(parameters('dataDisks').rawValue)))]\",\r\n \"type\": \"array\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"dataDisks\": {\r\n \"value\": {\r\n \"rawValue\": \"[field('Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.id')]\",\r\n \"emptyArray\": []\r\n }\r\n },\r\n \"osDisk\": {\r\n \"value\": \"[field('Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.id')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d2532053-bf59-4095-a1ae-2b7e4744f119\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d2532053-bf59-4095-a1ae-2b7e4744f119\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Access KV as part of remidiation deployment test (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"hello\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"outputs\": {\r\n \"testSecretOutput\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('testSecret')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"reference\": {\r\n \"keyVault\": {\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/elpere/providers/Microsoft.KeyVault/vaults/elpereKv\"\r\n },\r\n \"secretName\": \"test\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d35ce9be-f51b-4d3e-bc7f-dde2936381b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d35ce9be-f51b-4d3e-bc7f-dde2936381b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - inv\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"inv \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"functionId\": \"subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourcegroups/AKif2WebApp/providers/Microsoft.Logic/workflows/deneme\",\r\n \"payload\": {\r\n \"locations\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d54722e7-4665-47ce-9a82-2f96cebfe238\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d54722e7-4665-47ce-9a82-2f96cebfe238\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - incident - gardner\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"name\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"text\": {\r\n \"type\": \"string\",\r\n \"value\": \"Policy executed for resource [parameters('name')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"name\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d54722e7-4665-47ce-9a82-2f96cebfe353\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d54722e7-4665-47ce-9a82-2f96cebfe353\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs (NSG level)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Overwrites security rules with IP restrictions at the NSG level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges may overlap.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"getNsgDeploymentName\": \"[concat('getNSGContent-', parameters('nsgName'))]\",\r\n \"collectorDeploymentName\": \"[concat('collectRules-', parameters('nsgName'))]\",\r\n \"overwriteNsgDeploymentName\": \"[concat('overwriteNsg-', parameters('nsgName'))]\",\r\n \"nsgResourceId\": \"[resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"nsgProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('nsgResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectorDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_collectRules_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"nsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"portRangesToRestrict\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_overwriteNSG_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"originalNsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"updatedSecurityRules\": {\r\n \"value\": \"[reference(variables('collectorDeploymentName')).outputs.updatedSecurityRules.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d7b13c30-e6aa-47e1-b50a-8e33f152d086\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7126\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e712b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7130\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7135\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e713a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Audited skus\",\r\n \"description\": \"The list of skus.\",\r\n \"strongType\": \"storageSkus\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e90ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e90ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List Of Allowed SKUs\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"vmSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e9170\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e9170\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[elpere] deployIfNotExists Runners test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"deployIfNotExistsTestsRule\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/deployIfNotExistsTestsRule')]\",\r\n \"properties\": {\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbfa9fc0-5202-4001-8759-1aa2387f825b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"allowedOS\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"test_sandipsh\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedWindows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Windows VMs\",\r\n \"description\": \"The list of allowed VMs for Windows.\"\r\n }\r\n },\r\n \"listOfAllowedUbuntus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Ubuntu VMs\",\r\n \"description\": \"The list of allowed VMs for Ubuntu.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/disks\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"Canonical\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"UbuntuServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedUbuntus')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedWindows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services backup policies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"policies\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policies\",\r\n \"description\": \"The list of allowed Recovery Services backup policies.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n },\r\n \"policy\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policy\",\r\n \"description\": \"Allowed Recovery Services backup policy.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('policies')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('policy')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e3f9a624-b17d-4dc8-9649-65814d3241bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3f9a624-b17d-4dc8-9649-65814d3241bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"authSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their logs config\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"logs\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny changing sites authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"defaultValue: all parameters\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"defaultValue\"\r\n },\r\n \"parameters\": {\r\n \"locations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array)\",\r\n \"description\": \"The list of locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": [\r\n \"eastus\",\r\n \"westus\"\r\n ]\r\n },\r\n \"location\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string)\",\r\n \"description\": \"The location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"resourceGroups\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array)\",\r\n \"description\": \"The list of resource groups.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": [\r\n \"camarvin\"\r\n ]\r\n },\r\n \"resourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string)\",\r\n \"description\": \"The resource group.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": \"camarvin\"\r\n },\r\n \"tags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array)\",\r\n \"description\": \"The list of tags.\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"tag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string)\",\r\n \"description\": \"The tag.\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array, av)\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": [\r\n \"eastus\"\r\n ]\r\n },\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string, av)\",\r\n \"description\": \"The allowed location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"allowedStorageSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array, av)\",\r\n \"description\": \"The list of allowed storage SKUs for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ]\r\n },\r\n \"allowedStorageSKU\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string, av)\",\r\n \"description\": \"The allowed storage SKU for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": \"Standard_LRS\"\r\n },\r\n \"allowedTags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array, av)\",\r\n \"description\": \"The list of allowed tags.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ]\r\n },\r\n \"allowedTag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string, av)\",\r\n \"description\": \"The allowed tag.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": \"FirstName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('locations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('resourceGroups')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('resourceGroup')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('tags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('tag')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedStorageSkus')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"Equals\": \"[parameters('allowedStorageSku')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedTags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"NotEquals\": \"[parameters('allowedTag')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ea1688b3-022e-4add-af39-2fe60689a3b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny \\\"Allow All\\\" NSG rules\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies the creation of sourceAddressPrefix=\\\"*\\\", destinationPortRange=\\\"*\\\" NSG security rules\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"PortLockdown_AllowAll\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"notEquals\": \"4000\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github264\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/siteAuthSettings.enabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ef00ee9d-fe45-4d14-8bee-789eea392116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef00ee9d-fe45-4d14-8bee-789eea392116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhTestTagWithHyphen5\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"GokmenhTestTagWithHyphen5\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"value\": \"[resourceGroup().tags['Hyphen-test']]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/f2320be5-23be-4b58-8d8e-08c3044dd60f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f2320be5-23be-4b58-8d8e-08c3044dd60f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy enables you to audit your location.\",\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/LocationAuditDefinition\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"LocationAuditDefinition\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"northeurope\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/policy2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"policy2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps6386\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps6386\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9652\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9652\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9867\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9867\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test policy\",\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testSandipsh.draft\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testSandipsh.draft\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testtest\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"testtest\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testtest\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testtest\"\r\n }\r\n ]\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policysetdefinitions?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucz9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "BuiltinFilterParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-request-id": [ + "westus2:1addcf05-9583-41e6-9c95-61c9c83c8d4e" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11994" + ], + "x-ms-correlation-request-id": [ + "820c8ab5-f39a-47af-bd54-9a7e9bda13b7" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T193815Z:820c8ab5-f39a-47af-bd54-9a7e9bda13b7" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 19:38:15 GMT" + ], + "Content-Length": [ + "93897" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in IoT Hubs\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in IoT Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in IoT Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInIoTHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Azure Monitor\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains many policies with DeployIfNotExists effect with assignPermissions set at the parameter at the individual policy definition level.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_2\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4755676876307240960\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13418251844728914181\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"12068070188350812865\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8310573323379365078\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"560174196401503668\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"7752708915834271964\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/2476fb6f-011e-4bc4-9d07-ba137949735d\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"2476fb6f-011e-4bc4-9d07-ba137949735d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : No DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains no policies with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFIMAGEIDTOINCLUDE_WINDOWS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_LINUX_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"492067171675640903\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"2492943854376579140\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/351907c4-cd47-4e63-8246-c591645a58d6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"351907c4-cd47-4e63-8246-c591645a58d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cosmosdb new aliases test\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"5701618597132748228\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"9148562625737659571\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1317257300482699336\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"636235743263978372\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6540762518326135304\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"16237668974108817340\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/37501145-d01b-4bc8-92d0-c795a19fd164\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd164\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative containing some definitions with deployIfNotExists effect\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"3301615874834833614\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8044870099827093134\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/471eddb2-9421-4b81-8a25-3a0b849544dd\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"471eddb2-9421-4b81-8a25-3a0b849544dd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6346022531429970426\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgatestinitmultiparam\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"TAGNAME_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name1\"\r\n }\r\n },\r\n \"TAGVALUE_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value1\"\r\n }\r\n },\r\n \"TAGNAME_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name2\"\r\n }\r\n },\r\n \"TAGVALUE_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"7154720483946859542\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_1')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"14987881155449304382\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_2')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/73933cd4-bc06-4e14-8166-3a7109eca21b\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"73933cd4-bc06-4e14-8166-3a7109eca21b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : One DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains one policy with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n },\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": null,\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_WINDOWS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_LINUX_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"12822089530504669560\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"492067171675640903\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"2492943854376579140\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/74016c36-0a9a-436a-8436-291d54eab1a2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"74016c36-0a9a-436a-8436-291d54eab1a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed set\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFALLOWEDSKUS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n },\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"8962248944013962433\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"value\": \"[parameters('LISTOFALLOWEDSKUS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/762007ec-c5ba-41ae-a52d-db0834bea096\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"762007ec-c5ba-41ae-a52d-db0834bea096\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"TestAdditionalResourceType\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4146325350290724164\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Sql/servers/firewallRules\",\r\n \"TrendMicro.DeepSecurity/listCommunicationPreference\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/80894954-5ae1-4391-975d-630e5586d07a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"80894954-5ae1-4391-975d-630e5586d07a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim rt group set\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"1\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"ALLOWEDTYPES_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": null,\r\n \"strongType\": \"resourceTypes\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.EventGrid/domains\",\r\n \"Microsoft.EventGrid/domains/topics\",\r\n \"Microsoft.EventGrid/locations\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"18341726042324576950\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Cdn/checkNameAvailability\",\r\n \"Microsoft.Cdn/checkResourceUsage\",\r\n \"Microsoft.Cdn/profiles\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1359233886895761531\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"value\": \"[parameters('ALLOWEDTYPES_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/82d42e20-f682-48dc-95b1-144f0963f0c1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"82d42e20-f682-48dc-95b1-144f0963f0c1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"tags\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9736595915162791837\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t1\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t1v\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5376449293497609056\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t2\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t2v\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/875cf75e-49c3-47f8-ab8d-89ba3d2311a0\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"875cf75e-49c3-47f8-ab8d-89ba3d2311a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ComplianceTestInitiative\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Compliance test initiative \",\r\n \"metadata\": {\r\n \"category\": \"Compliance test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4047897157028507992\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"4859121137597195236\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"centralus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8935913113203900114\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus2\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/a03db67e-a286-43c3-9098-b2da83d361ad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"a03db67e-a286-43c3-9098-b2da83d361ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : DINE mulitple policies with no role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"storageAccountsResourceGroup\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"661064339838764944\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"parameters\": {\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"rohitbhtest\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/b03bf722-f2a8-4a84-8af6-f43b28b5a917\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"b03bf722-f2a8-4a84-8af6-f43b28b5a917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaparamtest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/c020e9eb-47d4-434a-8627-e202808ed117\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c020e9eb-47d4-434a-8627-e202808ed117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Many DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains many policies with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": null,\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_2\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4755676876307240960\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13418251844728914181\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"12068070188350812865\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8310573323379365078\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"560174196401503668\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"7752708915834271964\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/da84593c-b133-40c2-8524-c79fd38e7450\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7450\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test_sandipsh123\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/db6c5074-a529-4cc8-8882-43f10ef42002\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"db6c5074-a529-4cc8-8882-43f10ef42002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MuratTest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"murat\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ersan\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"testupdate\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ignite\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Initiative with my parameterized effect policy\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"EFFECT_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Initiative effect\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"16025301204423402856\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"audit\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"15232055014610564026\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('EFFECT_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e6884163-54c6-4f5e-9570-9e4cbd95b078\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e6884163-54c6-4f5e-9570-9e4cbd95b078\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6782502132987446742\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9867\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/ps3866\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"ps3866\"\r\n }\r\n ]\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policysetdefinitions?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucz9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "CustomFilterParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-request-id": [ + "westus2:bb761c3c-48d7-4333-ade3-50ffdd3e4821" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11993" + ], + "x-ms-correlation-request-id": [ + "6942379c-9578-4f48-94e5-dea270e875fe" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T193816Z:6942379c-9578-4f48-94e5-dea270e875fe" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 19:38:16 GMT" + ], + "Content-Length": [ + "93897" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in IoT Hubs\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in IoT Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in IoT Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInIoTHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Azure Monitor\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains many policies with DeployIfNotExists effect with assignPermissions set at the parameter at the individual policy definition level.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_2\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4755676876307240960\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13418251844728914181\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"12068070188350812865\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8310573323379365078\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"560174196401503668\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"7752708915834271964\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/2476fb6f-011e-4bc4-9d07-ba137949735d\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"2476fb6f-011e-4bc4-9d07-ba137949735d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : No DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains no policies with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFIMAGEIDTOINCLUDE_WINDOWS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_LINUX_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"492067171675640903\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"2492943854376579140\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/351907c4-cd47-4e63-8246-c591645a58d6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"351907c4-cd47-4e63-8246-c591645a58d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cosmosdb new aliases test\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"5701618597132748228\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"9148562625737659571\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1317257300482699336\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"636235743263978372\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6540762518326135304\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"16237668974108817340\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/37501145-d01b-4bc8-92d0-c795a19fd164\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd164\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative containing some definitions with deployIfNotExists effect\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"3301615874834833614\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8044870099827093134\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/471eddb2-9421-4b81-8a25-3a0b849544dd\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"471eddb2-9421-4b81-8a25-3a0b849544dd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6346022531429970426\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgatestinitmultiparam\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"TAGNAME_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name1\"\r\n }\r\n },\r\n \"TAGVALUE_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value1\"\r\n }\r\n },\r\n \"TAGNAME_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name2\"\r\n }\r\n },\r\n \"TAGVALUE_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"7154720483946859542\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_1')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"14987881155449304382\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_2')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/73933cd4-bc06-4e14-8166-3a7109eca21b\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"73933cd4-bc06-4e14-8166-3a7109eca21b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : One DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains one policy with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n },\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": null,\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_WINDOWS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_LINUX_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"12822089530504669560\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"492067171675640903\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"2492943854376579140\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/74016c36-0a9a-436a-8436-291d54eab1a2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"74016c36-0a9a-436a-8436-291d54eab1a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed set\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFALLOWEDSKUS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n },\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"8962248944013962433\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"value\": \"[parameters('LISTOFALLOWEDSKUS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/762007ec-c5ba-41ae-a52d-db0834bea096\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"762007ec-c5ba-41ae-a52d-db0834bea096\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"TestAdditionalResourceType\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4146325350290724164\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Sql/servers/firewallRules\",\r\n \"TrendMicro.DeepSecurity/listCommunicationPreference\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/80894954-5ae1-4391-975d-630e5586d07a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"80894954-5ae1-4391-975d-630e5586d07a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim rt group set\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"1\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"ALLOWEDTYPES_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": null,\r\n \"strongType\": \"resourceTypes\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.EventGrid/domains\",\r\n \"Microsoft.EventGrid/domains/topics\",\r\n \"Microsoft.EventGrid/locations\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"18341726042324576950\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Cdn/checkNameAvailability\",\r\n \"Microsoft.Cdn/checkResourceUsage\",\r\n \"Microsoft.Cdn/profiles\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1359233886895761531\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"value\": \"[parameters('ALLOWEDTYPES_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/82d42e20-f682-48dc-95b1-144f0963f0c1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"82d42e20-f682-48dc-95b1-144f0963f0c1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"tags\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9736595915162791837\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t1\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t1v\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5376449293497609056\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t2\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t2v\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/875cf75e-49c3-47f8-ab8d-89ba3d2311a0\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"875cf75e-49c3-47f8-ab8d-89ba3d2311a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ComplianceTestInitiative\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Compliance test initiative \",\r\n \"metadata\": {\r\n \"category\": \"Compliance test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4047897157028507992\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"4859121137597195236\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"centralus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8935913113203900114\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus2\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/a03db67e-a286-43c3-9098-b2da83d361ad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"a03db67e-a286-43c3-9098-b2da83d361ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : DINE mulitple policies with no role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"storageAccountsResourceGroup\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"661064339838764944\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"parameters\": {\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"rohitbhtest\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/b03bf722-f2a8-4a84-8af6-f43b28b5a917\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"b03bf722-f2a8-4a84-8af6-f43b28b5a917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaparamtest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/c020e9eb-47d4-434a-8627-e202808ed117\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c020e9eb-47d4-434a-8627-e202808ed117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Many DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains many policies with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": null,\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_2\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4755676876307240960\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13418251844728914181\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"12068070188350812865\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8310573323379365078\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"560174196401503668\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"7752708915834271964\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/da84593c-b133-40c2-8524-c79fd38e7450\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7450\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test_sandipsh123\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/db6c5074-a529-4cc8-8882-43f10ef42002\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"db6c5074-a529-4cc8-8882-43f10ef42002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MuratTest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"murat\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ersan\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"testupdate\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ignite\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Initiative with my parameterized effect policy\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"EFFECT_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Initiative effect\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"16025301204423402856\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"audit\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"15232055014610564026\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('EFFECT_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e6884163-54c6-4f5e-9570-9e4cbd95b078\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e6884163-54c6-4f5e-9570-9e4cbd95b078\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6782502132987446742\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9867\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/ps3866\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"ps3866\"\r\n }\r\n ]\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policysetdefinitions?api-version=2018-05-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucz9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-request-id": [ + "westus2:0f508066-20cc-48c4-a430-61eed738db73" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "776c67bf-3d4b-46b8-a762-780695c4a110" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T193817Z:776c67bf-3d4b-46b8-a762-780695c4a110" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 19:38:16 GMT" + ], + "Content-Length": [ + "93897" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in IoT Hubs\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in IoT Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in IoT Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInIoTHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Azure Monitor\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains many policies with DeployIfNotExists effect with assignPermissions set at the parameter at the individual policy definition level.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_2\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4755676876307240960\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13418251844728914181\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"12068070188350812865\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8310573323379365078\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"560174196401503668\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"7752708915834271964\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/2476fb6f-011e-4bc4-9d07-ba137949735d\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"2476fb6f-011e-4bc4-9d07-ba137949735d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : No DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains no policies with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFIMAGEIDTOINCLUDE_WINDOWS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_LINUX_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"492067171675640903\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"2492943854376579140\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/351907c4-cd47-4e63-8246-c591645a58d6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"351907c4-cd47-4e63-8246-c591645a58d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cosmosdb new aliases test\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"5701618597132748228\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"9148562625737659571\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1317257300482699336\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"636235743263978372\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6540762518326135304\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"16237668974108817340\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/37501145-d01b-4bc8-92d0-c795a19fd164\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd164\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative containing some definitions with deployIfNotExists effect\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"3301615874834833614\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8044870099827093134\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/471eddb2-9421-4b81-8a25-3a0b849544dd\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"471eddb2-9421-4b81-8a25-3a0b849544dd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6346022531429970426\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgatestinitmultiparam\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"TAGNAME_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name1\"\r\n }\r\n },\r\n \"TAGVALUE_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value1\"\r\n }\r\n },\r\n \"TAGNAME_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name2\"\r\n }\r\n },\r\n \"TAGVALUE_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"7154720483946859542\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_1')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"14987881155449304382\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_2')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/73933cd4-bc06-4e14-8166-3a7109eca21b\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"73933cd4-bc06-4e14-8166-3a7109eca21b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : One DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains one policy with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n },\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": null,\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_WINDOWS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_LINUX_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"12822089530504669560\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"492067171675640903\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"2492943854376579140\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/74016c36-0a9a-436a-8436-291d54eab1a2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"74016c36-0a9a-436a-8436-291d54eab1a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed set\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFALLOWEDSKUS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n },\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"8962248944013962433\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"value\": \"[parameters('LISTOFALLOWEDSKUS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/762007ec-c5ba-41ae-a52d-db0834bea096\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"762007ec-c5ba-41ae-a52d-db0834bea096\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"TestAdditionalResourceType\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4146325350290724164\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Sql/servers/firewallRules\",\r\n \"TrendMicro.DeepSecurity/listCommunicationPreference\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/80894954-5ae1-4391-975d-630e5586d07a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"80894954-5ae1-4391-975d-630e5586d07a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim rt group set\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"1\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"ALLOWEDTYPES_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": null,\r\n \"strongType\": \"resourceTypes\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.EventGrid/domains\",\r\n \"Microsoft.EventGrid/domains/topics\",\r\n \"Microsoft.EventGrid/locations\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"18341726042324576950\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Cdn/checkNameAvailability\",\r\n \"Microsoft.Cdn/checkResourceUsage\",\r\n \"Microsoft.Cdn/profiles\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1359233886895761531\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"value\": \"[parameters('ALLOWEDTYPES_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/82d42e20-f682-48dc-95b1-144f0963f0c1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"82d42e20-f682-48dc-95b1-144f0963f0c1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"tags\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9736595915162791837\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t1\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t1v\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5376449293497609056\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t2\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t2v\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/875cf75e-49c3-47f8-ab8d-89ba3d2311a0\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"875cf75e-49c3-47f8-ab8d-89ba3d2311a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ComplianceTestInitiative\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Compliance test initiative \",\r\n \"metadata\": {\r\n \"category\": \"Compliance test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4047897157028507992\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"4859121137597195236\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"centralus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8935913113203900114\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus2\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/a03db67e-a286-43c3-9098-b2da83d361ad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"a03db67e-a286-43c3-9098-b2da83d361ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : DINE mulitple policies with no role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"storageAccountsResourceGroup\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"661064339838764944\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"parameters\": {\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"rohitbhtest\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/b03bf722-f2a8-4a84-8af6-f43b28b5a917\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"b03bf722-f2a8-4a84-8af6-f43b28b5a917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaparamtest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/c020e9eb-47d4-434a-8627-e202808ed117\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c020e9eb-47d4-434a-8627-e202808ed117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Many DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains many policies with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": null,\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_2\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4755676876307240960\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13418251844728914181\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"12068070188350812865\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8310573323379365078\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"560174196401503668\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"7752708915834271964\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/da84593c-b133-40c2-8524-c79fd38e7450\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7450\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test_sandipsh123\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/db6c5074-a529-4cc8-8882-43f10ef42002\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"db6c5074-a529-4cc8-8882-43f10ef42002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MuratTest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"murat\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ersan\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"testupdate\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ignite\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Initiative with my parameterized effect policy\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"EFFECT_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Initiative effect\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"16025301204423402856\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"audit\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"15232055014610564026\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('EFFECT_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e6884163-54c6-4f5e-9570-9e4cbd95b078\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e6884163-54c6-4f5e-9570-9e4cbd95b078\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6782502132987446742\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9867\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/ps3866\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"ps3866\"\r\n }\r\n ]\r\n}", + "StatusCode": 200 + } + ], + "Names": {}, + "Variables": { + "SubscriptionId": "d0610b27-9663-4c05-89f8-5b4be01e86a5" + } +} \ No newline at end of file diff --git a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestGetPolicyDefinitionParameters.json b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestGetPolicyDefinitionParameters.json index 6fcf6eaca74e..2a99bf4594af 100644 --- a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestGetPolicyDefinitionParameters.json +++ b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestGetPolicyDefinitionParameters.json @@ -28,16 +28,16 @@ "Accept-Encoding" ], "x-ms-ratelimit-remaining-subscription-reads": [ - "11998" + "11999" ], "x-ms-request-id": [ - "westus2:4fd95e72-d76b-42af-bc0c-b68005147fad" + "westus2:5cf744b7-3c83-46dd-bc48-064512aa8d3a" ], "x-ms-correlation-request-id": [ - "ed3b3dfe-3b74-4d8a-8f15-8910e1ecce5a" + "2ea331ae-9a2b-4732-80e5-d0a08348529d" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213923Z:ed3b3dfe-3b74-4d8a-8f15-8910e1ecce5a" + "WESTUS2:20190116T193631Z:2ea331ae-9a2b-4732-80e5-d0a08348529d" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -46,10 +46,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:39:22 GMT" + "Wed, 16 Jan 2019 19:36:30 GMT" ], "Content-Length": [ - "439489" + "487308" ], "Content-Type": [ "application/json; charset=utf-8" @@ -61,7 +61,7 @@ "0" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage_httpsTrafficOnly\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"023217dd-81bb-461f-93ea-8799caac50c7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"This shouldn't work\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This customer's policy is attempting to append multiple tags at once. I expect it will just append one tag with a really long name\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"value\": [\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04183864-11ae-4e7a-aadb-c600e40ed1b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04183864-11ae-4e7a-aadb-c600e40ed1b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Inherit named tag from resource group\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Applies the tag value from the resource group if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[resourcegroup().tags[parameters('tagName')]]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04904947-4d10-4454-9a50-f423d590e11b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04904947-4d10-4454-9a50-f423d590e11b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robga-nsgtemplate-test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddfee46-9b63-4313-a529-cfbf968d8118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddfee46-9b63-4313-a529-cfbf968d8118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akif incident - 85944710\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 85944710\\nhttps://icm.ad.msft.net/imp/v3/incidents/details/85944710/home\\n\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af12870bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af12870bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"second attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af1287abe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af1287abe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/123c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"123c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim nsg repro\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"fix\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/14ac45e9-df97-455d-b6ee-dd216f15f694\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"14ac45e9-df97-455d-b6ee-dd216f15f694\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim-incident-86226837-fix\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"1 - reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"15358dd8-671e-4c96-be33-2b668791418f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Attempt service bus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logProfiles\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/serviceBusRuleId\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/163c640e-681c-445f-92ba-cd434bd8c11c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"163c640e-681c-445f-92ba-cd434bd8c11c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.zyx\",\r\n \"exists\": \"false\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/17d43473-870f-4bc8-93c6-3961fa1d91cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17d43473-870f-4bc8-93c6-3961fa1d91cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit all tags\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"tags\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags\",\r\n \"value\": \"[resourceGroup().tags]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1e3c9312-c011-40a3-ac40-3bf3ddc24120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e3c9312-c011-40a3-ac40-3bf3ddc24120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource group locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Allowed resource group locations\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f20036f-28c3-48f3-9266-05d50fe391f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f20036f-28c3-48f3-9266-05d50fe391f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"docdb_aliases_test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f5360b7-fe59-43f7-8af5-825df420d09c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f5360b7-fe59-43f7-8af5-825df420d09c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ovewrites security rules with IP restrictions at the securityRule level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Limit to one protocol. The most inclusive should come last. I.e. 22;22-22;22-23\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"priority\": {\r\n \"type\": \"int\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[parameters('fullRuleName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-02-01\",\r\n \"properties\": {\r\n \"protocol\": \"*\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[last(parameters('destinationPortRanges'))]\",\r\n \"access\": \"Allow\",\r\n \"direction\": \"Inbound\",\r\n \"priority\": \"[parameters('priority')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[field('Microsoft.Network/networksecurityGroups/securityRules/priority')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"20c4afd0-8a77-4433-b8b0-4ad06e4c7111\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy NSGs on Subnets\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforce that all subnets have a Network Security Group. If a subnet does not have one an NSG with the default Internet Exposed Endpoint restrictions will be created and associated with it.\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string to apply to all automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges must not overlap.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"notEquals\": \"null\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgPrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"nsgName\": \"[concat(parameters('nsgPrefix'), '-', parameters('location'))]\",\r\n \"vnetName\": \"[split(parameters('fullResourceName'), '/')[0]]\",\r\n \"vnetResourceId\": \"[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]\",\r\n \"getVnetDeploymentName\": \"[concat('getVnet-', variables('vnetName'))]\",\r\n \"collectSubnetsDeploymentName\": \"[concat('collectSubnets-', variables('vnetName'))]\",\r\n \"overwriteVnetDeploymentName\": \"[concat('overwriteVnet-', variables('vnetName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vnetProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('vnetResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[variables('nsgName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"securityRules\": [\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Restrict\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from specific IP ranges (either corpnet or SAW)\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3997,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_AllowVnet\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from within the VNET\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"VirtualNetwork\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3998,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Deny\",\r\n \"properties\": {\r\n \"description\": \"Deny any controlled port connections that aren't explicitly allowed in higher priority rules\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 3999,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_AllowAll\",\r\n \"properties\": {\r\n \"description\": \"Allow all inbound traffic that isn't explicitly blocked by Port Lockdown restrictions\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 4000,\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectSubnetsDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_collectSubnets_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"nsgResourceId\": {\r\n \"value\": \"[resourceid('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"dependsOn\": [\r\n \"[variables('nsgName')]\"\r\n ],\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_overwriteVnet_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"updatedSubnets\": {\r\n \"value\": \"[reference(variables('collectSubnetsDeploymentName')).outputs.updatedSubnets.value]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"nsgPrefix\": {\r\n \"value\": \"[parameters('nsgPrefix')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"210ed8bd-6b07-4d5e-a62c-c34f07293288\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit all Microsoft.Web/sites/config/authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/211a466d-b2be-46e8-b029-8c28f566f118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"211a466d-b2be-46e8-b029-8c28f566f118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of a tag2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits that a required tag is present on resources\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"notcontainsKey\": \"[parameters('tagName')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24813039-7534-408a-9842-eb99f45721b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append single location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.locationTest\",\r\n \"value\": \"[parameters('allowedLocation')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin oms vm linux parameterized effect\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"263f13f4-6b88-4788-bead-34beedde70ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test guest assignment\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/28e54a72-2fd7-40d3-afe2-b05423e0147a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"28e54a72-2fd7-40d3-afe2-b05423e0147a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"2nd attempt on this policy. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"notIn\": \"[parameters('allowedLocations')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd60841400\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd60841400\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-combined\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"the combined policy attempt for both cosmos db cases. \",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"locationNames\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd6084180f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd6084180f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage ip rules append 2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.ipRules\",\r\n \"value\": [\r\n {\r\n \"value\": \"8.8.8.8\",\r\n \"action\": \"Allow\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/2b2317a7-ab02-47b5-8159-eb7e6227709f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2b2317a7-ab02-47b5-8159-eb7e6227709f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[demo] Enforce KeyVault diagnostic log storage\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"[tolower(concat('cheggkv', parameters('location')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('cheggremdemo', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/332ce4ac-9200-4573-8c66-92b85fc82c8d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"332ce4ac-9200-4573-8c66-92b85fc82c8d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_enableAutomaticFailover\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/enableAutomaticFailover\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_defaultConsistencyLevel\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/consistencyPolicy.defaultConsistencyLevel\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0b7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_readLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_writeLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_failoverPolicies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd160\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c0df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c0df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL and Managed Instance TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c144\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c144\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services vaults test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"vault\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vault\",\r\n \"description\": \"The Recovery Services Vault.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n },\r\n \"vaults\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vaults\",\r\n \"description\": \"The list of Recovery Services Vaults.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('vault')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('vaults')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b2c1b0f-63c5-4943-8578-6d37fbe411bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b2c1b0f-63c5-4943-8578-6d37fbe411bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b788cf8-ff6f-4075-86a1-ab76270790e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b788cf8-ff6f-4075-86a1-ab76270790e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3cc5820a-cbb8-4977-9c90-d90ced95f12c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3cc5820a-cbb8-4977-9c90-d90ced95f12c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Name should have prefix and suffix\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Name should have prefix and suffix\",\r\n \"parameters\": {\r\n \"prefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The prefix\",\r\n \"description\": \"The name prefix\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"suffix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The suffix\",\r\n \"description\": \"The name suffix.\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('prefix'), '*', parameters('suffix'))]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e275e2e-a157-4ade-8f91-43b3ea370007\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e275e2e-a157-4ade-8f91-43b3ea370007\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Restrict VM skus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Restricts allowed VM skus to a predefined regex\",\r\n \"parameters\": {\r\n \"allowedSkuTemplate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed VM sku template\",\r\n \"description\": \"The VM sku template. Supports wildcards via '*'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"like\": \"[parameters('allowedSkuTemplate')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e34c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e34c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKU\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits the use of storage account SKUs that don't meet organizational cost policy.\",\r\n \"parameters\": {\r\n \"listOfAllowedSkus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of allowed SKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSkus')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e3682\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e3682\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaDataFactoryTest1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"RobgaDataFactoryTest\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataFactory/factories\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/robgatestworkspace/providers/Microsoft.OperationalInsights/workspaces/robgatestworkspace\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce autoUpgrade on VM/VMSS extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies any VM or VMSS extensions that do not have autoUpgradeMinorVersion set to true.\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f772\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f772\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically enabled autoUpgradeMinorVersion on VM extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f783\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f783\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM scale set extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically appends autoUpgradeMinorVersion=true to VMSS extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f7a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f7a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService must use serverFarm\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService serverFarm must have capacity > 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/serverFarms\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/serverFarms/sku.capacity\",\r\n \"in\": [\r\n \"0\",\r\n \"1\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc23\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc23\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Definition to be deleted.\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy will deploy a key vault named KV_B if a key vault named KV_A does not exist.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"KV_B\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-10-01\",\r\n \"name\": \"KV_A\",\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"location\": \"eastus2\",\r\n \"properties\": {\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"sku\": {\r\n \"family\": \"A\",\r\n \"name\": \"standard\"\r\n },\r\n \"accessPolicies\": []\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/48ba81c1-0012-4796-8166-c2efb4304190\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48ba81c1-0012-4796-8166-c2efb4304190\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Do_Not_Delete\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy is used for unit tests. Please do not delete it.\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4a0425e4-97bf-4ad0-ab36-145b94083c60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny MySQL firewallRules starting with 0\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4b94c320-ce63-4fb6-ba9d-7dbe648b90de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4b94c320-ce63-4fb6-ba9d-7dbe648b90de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83686598\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"deny the creation of storage if supportsHttpsTrafficOnly is false\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"detect 'allow All' NSG rule\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c915617-16f0-4c62-b021-e66d5409d11d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c915617-16f0-4c62-b021-e66d5409d11d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332195\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332199\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332199\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny storage container creation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts/blobServices/containers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4d2f8837-7acb-4488-b580-95960ee3f116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d2f8837-7acb-4488-b580-95960ee3f116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure auto-created NSG rules exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ensures that security rules created in auto-created PortLockdown NSGs are not tampered with\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string applied to automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to in the expected security rule. I.e. 192.4.0.0/8;192.5.0.0/8 or *\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions in the expected security rule\"\r\n }\r\n },\r\n \"priority\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected priority\",\r\n \"description\": \"The priority of the expected security rule.\"\r\n }\r\n },\r\n \"access\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected access\",\r\n \"description\": \"The access (allow/deny) of the expected security rule.\"\r\n },\r\n \"allowedValues\": [\r\n \"Allow\",\r\n \"Deny\"\r\n ]\r\n },\r\n \"name\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected name\",\r\n \"description\": \"The name of the expected security rule.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('nsgPrefix'), '-', field('location'))]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"equals\": \"[parameters('priority')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"[parameters('access')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"name\": {\r\n \"type\": \"string\"\r\n },\r\n \"priority\": {\r\n \"type\": \"string\"\r\n },\r\n \"access\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"isSinglePrefix\": \"[equals(count(parameters('sourceAddressPrefixes')), 1)]\",\r\n \"isSinglePortRange\": \"[equals(count(parameters('destinationPortRanges')), 1)]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('nsgName'), '/', parameters('name'))]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"properties\": {\r\n \"description\": \"Rule auto-created by Internet Exposed Endpoints protection\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[if(variables('isSinglePortRange'), first(parameters('destinationPortRanges')), '')]\",\r\n \"destinationPortRanges\": \"[if(not(variables('isSinglePortRange')), parameters('destinationPortRanges'), json('[]'))]\",\r\n \"sourceAddressPrefix\": \"[if(variables('isSinglePrefix'), first(parameters('sourceAddressPrefixes')), '')]\",\r\n \"sourceAddressPrefixes\": \"[if(not(variables('isSinglePrefix')), parameters('sourceAddressPrefixes'), json('[]'))]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"[parameters('access')]\",\r\n \"priority\": \"[int(parameters('priority'))]\",\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"name\": {\r\n \"value\": \"[parameters('name')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[parameters('priority')]\"\r\n },\r\n \"access\": {\r\n \"value\": \"[parameters('access')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f283ec4-25a9-46df-bbf2-806ed5a3e115\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rs defaultvalue backslash\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Extensions to Exclude\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \".FWD;.GSC;.GSE;.MYD;.MYI;.SMD;.VAC;.BAK;.CHK;.FRM;.LDF;.LOG;.MBX;.MDF;.NDF;.TRN;.UND;.UNF;.UNH;.UNI;.UNQ;.UNS;.VHD;.VMDX;.WCI;.EDB;.SDS\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Paths to Exclude\",\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Sysvol;C:\\\\ProgramData\\\\Microsoft\\\\SharePoint;C:\\\\Program Files\\\\Common Files\\\\Microsoft Shared\\\\Web Server Extensions;C:\\\\Program Files\\\\Operations Manager;C:\\\\Program Files\\\\Microsoft Monitoring Agent;C:\\\\Program Files\\\\Microsoft Office Servers;C:\\\\Program Files\\\\Microsoft System Center 2012 R2\\\\Server;C:\\\\Program Files\\\\System Center Operations Manager;C:\\\\Program Files\\\\System Center Operations Manager 2007;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\NTDS;C:\\\\Windows\\\\System32\\\\LogFiles;C:\\\\Windows\\\\Sysvol;C:\\\\Program Files\\\\Double-Take Software;C:\\\\Program Files\\\\DoubleTake;C:\\\\Program Files\\\\Exchsrvr;C:\\\\Program Files\\\\Ipswitch;C:\\\\Program Files\\\\LogMeIn;C:\\\\Windows\\\\SoftwareDistribution\\\\Datastore;C:\\\\Windows\\\\Temp\\\\Gthrsvc\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Processes to Exclude\",\r\n \"description\": \"Semicolon delimited list of processes to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"HealthService.exe;ManagementService.exe;Microsoft.Mom.Sdk.Service.exe;Microsoft.Mom.ConfigServiceHost.exe;MonitoringHost.exe;pagefile.sys\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable real time protection\",\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Scheduled scans\",\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n },\r\n \"defaultValue\": \"false\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Scheduled Scan Type\",\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n },\r\n \"defaultValue\": \"Quick\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Day of Scheduled Scan\",\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n },\r\n \"defaultValue\": \"7\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Time of Scheduled Scan\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"120\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"value\": \"[parameters('ExclusionsExtensions')]\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"value\": \"[parameters('ExclusionsPaths')]\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"value\": \"[parameters('ExclusionsProcesses')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"[parameters('RealtimeProtectionEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsIsEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsDay')]\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsTime')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50877efd-8dd9-43d5-b4e6-3b70e64311b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50877efd-8dd9-43d5-b4e6-3b70e64311b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy key vault KV_B if key vault KV_A does not exist.\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy will deploy a key vault named KV_B if a key vault named KV_A does not exist.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"KV_B\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-10-01\",\r\n \"name\": \"KV_A\",\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"location\": \"eastus2\",\r\n \"properties\": {\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"sku\": {\r\n \"family\": \"A\",\r\n \"name\": \"standard\"\r\n },\r\n \"accessPolicies\": []\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50e2972e-143c-4edf-9ef6-bee0f84212d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaTestRbac\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Authorization/roleAssignments/principalId\",\r\n \"equals\": \"Admin\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/560482cd-dac5-41e6-9cef-b0aecd6020de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"560482cd-dac5-41e6-9cef-b0aecd6020de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhAuditLocation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit if not west us\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5948d091-78b7-4d3b-a404-cc6a0329b0c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5948d091-78b7-4d3b-a404-cc6a0329b0c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"deployifnotexist template alias tests - redis\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/Redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/sku.family\",\r\n \"equals\": \"C\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"Whatever*\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"type\": \"string\"\r\n },\r\n \"nameField\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuFamilyOut\": {\r\n \"value\": \"[parameters('skuFamily')]\",\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPortOut\": {\r\n \"value\": \"[parameters('enableNonSslPort')]\",\r\n \"type\": \"string\"\r\n },\r\n \"nameFieldOut\": {\r\n \"value\": \"[parameters('nameField')]\",\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/sku.family')]\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/enableNonSslPort')]\"\r\n },\r\n \"nameField\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"exists\": \" false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca376\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca376\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86318519\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86318519\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallrules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"AllowAllWindowsAzureIps\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca600\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca600\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"exists\": \"true\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"notIn\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca8d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca8d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Test storage alias\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Test storage alias\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"type\": \"string\"\r\n },\r\n \"encrypt\": {\r\n \"type\": \"string\"\r\n },\r\n \"accessTier\": {\r\n \"type\": \"string\"\r\n },\r\n \"skuName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuNameOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('skuName')]\"\r\n },\r\n \"accessTierOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('accessTier')]\"\r\n },\r\n \"httpsOnlyOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('httpsOnly')]\"\r\n },\r\n \"encryptOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('encrypt')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly')]\"\r\n },\r\n \"encrypt\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/enableBlobEncryption')]\"\r\n },\r\n \"accessTier\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/accessTier')]\"\r\n },\r\n \"skuName\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/sku.name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5fa69139-9a49-464e-90b5-0d243a469138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5fa69139-9a49-464e-90b5-0d243a469138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit costcenter tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"value\": \"[resourceGroup().tags.CostCenter]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6ced0d17-98f3-41e2-8038-08c8f4fb90e3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6ced0d17-98f3-41e2-8038-08c8f4fb90e3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim Apply allowed tag and its default value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"3\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n },\r\n \"allowedValues\": [\r\n \"TagA\",\r\n \"TagB\"\r\n ]\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6d1735de-f3e3-4c40-a8b2-7b3a1042a895\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6d1735de-f3e3-4c40-a8b2-7b3a1042a895\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": null\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"3\"\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"Metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The metric operator.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"The timeAggregation.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"The window size.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"The evaluation frequency.\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The action group id.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('alertNamePrefix'), '*')]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(toLower(parameters('alertNamePrefix')), uniqueString(resourceGroup().id))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6f2c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6f2c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testImageId\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"css\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"contains\": \"resourceGroups/testSandipsh\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/70dc1e8d-61c9-4089-8bf5-895b227c1298\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"70dc1e8d-61c9-4089-8bf5-895b227c1298\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"policyTrackedResources-sdk-tests\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"notIn\": [\r\n \"policyTrackedResources-sdk-tests-rule1\",\r\n \"policyTrackedResources-sdk-tests-rule2\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule1')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule2')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2001,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny if blob is not encrypted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/74d5cf40-7293-46a4-a285-7ea971e3719a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"74d5cf40-7293-46a4-a285-7ea971e3719a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Location restriction\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Policy to force allocations to a set of given locations\",\r\n \"metadata\": {\r\n \"category\": \"cstack\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/763dcd1d-a4a9-46a8-8bd3-357c4533a335\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"763dcd1d-a4a9-46a8-8bd3-357c4533a335\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"chegg deploy VMSS extension\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"GenevaMonitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Geneva\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-01\",\r\n \"name\": \"[concat(parameters('vmssName'), '/', 'genevaExtension2')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Geneva\",\r\n \"type\": \"GenevaMonitoring\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {}\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/767d74dd-8fe3-4ef2-a38a-52164f9230da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"767d74dd-8fe3-4ef2-a38a-52164f9230da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83577342 deny proxy resource location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/83577342/home\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"eastus\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingjobs/transformations\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/77429b44-aac1-4417-a53e-6900c07e11ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"77429b44-aac1-4417-a53e-6900c07e11ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Block TLS < 1.2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/slots/config\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\r\n \"notEquals\": \"1.2\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/78c5df31-2f05-4f4d-acfe-3e536d88c1bc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"78c5df31-2f05-4f4d-acfe-3e536d88c1bc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny ActiveDirectory administrators\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/administrators/administratorType\",\r\n \"equals\": \"ActiveDirectory\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash weird chars\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR!@#$%^&*()_+=-{}[];:',.<>?~`/;C:\\\\hello\\\\there\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7f4d769f-78db-46eb-ac3c-0b8214f8c245\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f4d769f-78db-46eb-ac3c-0b8214f8c245\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock v2\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/83daa8ee-7c9a-470c-81a8-5a99ac09d134\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83daa8ee-7c9a-470c-81a8-5a99ac09d134\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"northwell.io\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/86cd412c-c557-473b-984c-a5f15cdcb116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86cd412c-c557-473b-984c-a5f15cdcb116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Parameterized effect (if location != eastus)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The policy effect.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"eastus\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"885f1dcb-a9c5-4c8c-8996-2702db44a2d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.xyz\",\r\n \"exists\": false\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8959fd87-c1dd-4831-9034-a4f876bee1cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8959fd87-c1dd-4831-9034-a4f876bee1cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Kubernetes ingress policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Only specified ingress is allowed based on names\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere applicability test 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/whatever\"\r\n },\r\n {\r\n \"field\": \"tags.applicability\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8e6b598c-1a45-404b-97dd-983e37c040da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8e6b598c-1a45-404b-97dd-983e37c040da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_ipRangeFilter\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9012b1cd-b045-46c6-a510-6137e06a009c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash (array)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": [\r\n \"C:\\\\rs-pkgs\",\r\n \"C:\\\\System Volume Information\\\\DFSR\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/985adbc0-6d2e-448a-ac26-89d3688191d5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"985adbc0-6d2e-448a-ac26-89d3688191d5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github209\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/virtualNetworkRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9a060c03-fda7-4b0a-b4da-15e2b7e4d117\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9a060c03-fda7-4b0a-b4da-15e2b7e4d117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - Subscription Lvl test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Subscriptionlevel auditIfNotExist policy\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a1b067c8-2970-4c0b-b0da-31ae7f33d1de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1b067c8-2970-4c0b-b0da-31ae7f33d1de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Noop\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Don't do anything\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a309ad64-0bae-48d9-a6b1-d99c0b4218b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a309ad64-0bae-48d9-a6b1-d99c0b4218b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyof\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a337c781-c7d8-4e12-ae69-1951c7e74378\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a337c781-c7d8-4e12-ae69-1951c7e74378\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127 - better\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\",\r\n \"Deny\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"81196380\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure https traffic only for storage account\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure https traffic only for storage account\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscription name tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"add subscription name tag\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionname\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionname\",\r\n \"value\": \"[subscription().displayName]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d82a2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d82a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Add subscription \\\"id\\\" tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.id\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.id\",\r\n \"value\": \"[subscription().id]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8339\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8339\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscriptionId tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionId\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionId\",\r\n \"value\": \"[subscription().subscriptionId]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8635\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8635\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaNSGtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/aeb6a524-e3d1-4b8a-afa8-26ae4e291116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aeb6a524-e3d1-4b8a-afa8-26ae4e291116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed Location Indexed\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"hackathon policy\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Allowed-Locations-Indexed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Allowed-Locations-Indexed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if antiMalware extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy audits if the anti malware extension .\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/antiMalwareExtensionExists\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"antiMalwareExtensionExists\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Web socket must be disabled on App Services\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures web sockets are disabled on App Services.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/AppServiceWebSockets\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"AppServiceWebSockets\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure Security Center must be enabled\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures Azure Security Center is enabled.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ASCEnabled\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ASCEnabled\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and it's value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and its value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits if a required extension doesn't exist.\",\r\n \"parameters\": {\r\n \"publisher\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The publisher of the extension\",\r\n \"displayName\": \"Extension Publisher\"\r\n }\r\n },\r\n \"type\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The type of the extension\",\r\n \"displayName\": \"Extension Type\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"[parameters('publisher')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"[parameters('type')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/audit-vm-extension\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"audit-vm-extension\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CanCrudPolicyAssignment Policy Definition $[Auto Test]\",\r\n \"policyType\": \"Custom\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"ResourceProviderTestHost/TestResourceType/TestResourceTypeNestedOne/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/azsmnet6487\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"azsmnet6487\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"89322663 audit diag setting\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"description\": \"The list of resources types to audit for missing diagnostic log settings.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"details\": {\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"equals\": \"true\",\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\"\r\n }\r\n ]\r\n },\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\"\r\n },\r\n \"effect\": \"AuditIfNotExists\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b350b9b0-8ba5-4867-bc9c-63b4544671b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b350b9b0-8ba5-4867-bc9c-63b4544671b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"makharchtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"policy\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b36f6195-0fc5-4a41-bbce-875248400f5f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b36f6195-0fc5-4a41-bbce-875248400f5f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash really long string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b9203c56-0565-434a-a315-87f4da9f21b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b9203c56-0565-434a-a315-87f4da9f21b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"NSG Rules exists test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].protocol\",\r\n \"notLike\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/bb6a78ae-8737-41e0-9c41-cc777c8c00a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bb6a78ae-8737-41e0-9c41-cc777c8c00a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c0f586f1-abe5-4801-8588-7332e49e60c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c0f586f1-abe5-4801-8588-7332e49e60c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"234\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logprofiles\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/logprofiles\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Doublecheck the lifecycle tag policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy refers to tags['Lifecycle'], which with the current implementation of the escaped tags syntax will refer to a tag named 'Lifecycle' (quotes and all). This is a customer policy that would be broken when I switch the meaning of tags['Lifecycle'] to refer simply to a tag named Lifecycle (no quotes)\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['Lifecycle']\",\r\n \"notIn\": [\r\n \"dev\",\r\n \"tst\",\r\n \"stg\",\r\n \"prd\",\r\n \"trn\",\r\n \"prf\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c6be98a9-8108-40aa-b726-d2ae8e2891b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c6be98a9-8108-40aa-b726-d2ae8e2891b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe resource group auditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c7b9982d-2f50-4730-935f-5c241982a441\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c7b9982d-2f50-4730-935f-5c241982a441\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed resource types\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": \"The list of allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('allowedTypes')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c872f951-1c5d-4c61-89dd-aee2350a11ba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8b79b49-a579-4045-984e-1b249ab8b474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8cedfaa-4aa0-465a-8b90-49caf8177158\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8cedfaa-4aa0-465a-8b90-49caf8177158\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere css block NSG changes\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/95894791/home\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"nsgName\",\r\n \"description\": \"The name of the NSG.\"\r\n },\r\n \"defaultValue\": \"nsgName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('nsgName')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"fullName\",\r\n \"like\": \"[concat(parameters('nsgName'), '/*')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ca01432d-4278-45a6-8137-69f2155d2248\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ca01432d-4278-45a6-8137-69f2155d2248\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin empty string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure resource names meet the like condition for a pattern.\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"namePattern\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"namePattern\",\r\n \"description\": \"Pattern to use for names. Can include wildcard (*).\"\r\n },\r\n \"allowedValues\": [\r\n \"\",\r\n \"one\",\r\n \"two\"\r\n ],\r\n \"defaultValue\": \"\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('namePattern')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"camarvin-test-empty-assign\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere append 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.test\",\r\n \"value\": \"1\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny on 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.test\",\r\n \"equals\": \"1\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Resource name contains resource group name\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Require resources to contain the resource group's name\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"notContains\": \"[resourceGroup().name]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/contain-resource-group-name\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"contain-resource-group-name\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v3\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"third attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5002\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-deployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5632\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5632\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce KeyVault diagnostic log storage (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"elperetest\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('elpere', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d0d9349d-843c-443a-9f27-5ce84f08c37e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d0d9349d-843c-443a-9f27-5ce84f08c37e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Access KV as part of remidiation deployment test (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"hello\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"outputs\": {\r\n \"testSecretOutput\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('testSecret')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"reference\": {\r\n \"keyVault\": {\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/elpere/providers/Microsoft.KeyVault/vaults/elpereKv\"\r\n },\r\n \"secretName\": \"test\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d35ce9be-f51b-4d3e-bc7f-dde2936381b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d35ce9be-f51b-4d3e-bc7f-dde2936381b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs (NSG level)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Overwrites security rules with IP restrictions at the NSG level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges may overlap.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"getNsgDeploymentName\": \"[concat('getNSGContent-', parameters('nsgName'))]\",\r\n \"collectorDeploymentName\": \"[concat('collectRules-', parameters('nsgName'))]\",\r\n \"overwriteNsgDeploymentName\": \"[concat('overwriteNsg-', parameters('nsgName'))]\",\r\n \"nsgResourceId\": \"[resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"nsgProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('nsgResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectorDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_collectRules_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"nsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"portRangesToRestrict\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_overwriteNSG_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"originalNsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"updatedSecurityRules\": {\r\n \"value\": \"[reference(variables('collectorDeploymentName')).outputs.updatedSecurityRules.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d7b13c30-e6aa-47e1-b50a-8e33f152d086\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Audited skus\",\r\n \"description\": \"The list of skus.\",\r\n \"strongType\": \"storageSkus\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e90ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e90ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List Of Allowed SKUs\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"vmSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e9170\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e9170\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[elpere] deployIfNotExists Runners test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"deployIfNotExistsTestsRule\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/deployIfNotExistsTestsRule')]\",\r\n \"properties\": {\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbfa9fc0-5202-4001-8759-1aa2387f825b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"allowedOS\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"test_sandipsh\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedWindows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Windows VMs\",\r\n \"description\": \"The list of allowed VMs for Windows.\"\r\n }\r\n },\r\n \"listOfAllowedUbuntus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Ubuntu VMs\",\r\n \"description\": \"The list of allowed VMs for Ubuntu.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/disks\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"Canonical\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"UbuntuServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedUbuntus')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedWindows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services backup policies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"policies\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policies\",\r\n \"description\": \"The list of allowed Recovery Services backup policies.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n },\r\n \"policy\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policy\",\r\n \"description\": \"Allowed Recovery Services backup policy.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('policies')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('policy')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e3f9a624-b17d-4dc8-9649-65814d3241bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3f9a624-b17d-4dc8-9649-65814d3241bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"authSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their logs config\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"logs\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny changing sites authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"defaultValue: all parameters\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"defaultValue\"\r\n },\r\n \"parameters\": {\r\n \"locations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array)\",\r\n \"description\": \"The list of locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": [\r\n \"eastus\",\r\n \"westus\"\r\n ]\r\n },\r\n \"location\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string)\",\r\n \"description\": \"The location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"resourceGroups\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array)\",\r\n \"description\": \"The list of resource groups.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": [\r\n \"camarvin\"\r\n ]\r\n },\r\n \"resourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string)\",\r\n \"description\": \"The resource group.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": \"camarvin\"\r\n },\r\n \"tags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array)\",\r\n \"description\": \"The list of tags.\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"tag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string)\",\r\n \"description\": \"The tag.\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array, av)\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": [\r\n \"eastus\"\r\n ]\r\n },\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string, av)\",\r\n \"description\": \"The allowed location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"allowedStorageSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array, av)\",\r\n \"description\": \"The list of allowed storage SKUs for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ]\r\n },\r\n \"allowedStorageSKU\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string, av)\",\r\n \"description\": \"The allowed storage SKU for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": \"Standard_LRS\"\r\n },\r\n \"allowedTags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array, av)\",\r\n \"description\": \"The list of allowed tags.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ]\r\n },\r\n \"allowedTag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string, av)\",\r\n \"description\": \"The allowed tag.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": \"FirstName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('locations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('resourceGroups')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('resourceGroup')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('tags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('tag')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedStorageSkus')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"Equals\": \"[parameters('allowedStorageSku')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedTags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"NotEquals\": \"[parameters('allowedTag')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ea1688b3-022e-4add-af39-2fe60689a3b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny \\\"Allow All\\\" NSG rules\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies the creation of sourceAddressPrefix=\\\"*\\\", destinationPortRange=\\\"*\\\" NSG security rules\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"PortLockdown_AllowAll\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"notEquals\": \"4000\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github264\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/siteAuthSettings.enabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ef00ee9d-fe45-4d14-8bee-789eea392116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef00ee9d-fe45-4d14-8bee-789eea392116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy enables you to audit your location.\",\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/LocationAuditDefinition\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"LocationAuditDefinition\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"northeurope\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/policy2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"policy2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps6386\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps6386\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps8886\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps8886\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9652\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9652\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test policy\",\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testSandipsh.draft\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testSandipsh.draft\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testtest\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"testtest\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testtest\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testtest\"\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in IoT Hubs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Internet of Things\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Devices/IotHubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healty\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cheggert: Append VMSS extension\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/virtualMachineProfile\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*].type\",\r\n \"notEquals\": \"GenevaMonitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*]\",\r\n \"value\": {\r\n \"name\": \"Microsoft.Azure.Geneva.GenevaMonitoring\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Geneva\",\r\n \"type\": \"GenevaMonitoring\",\r\n \"typeHandlerVersion\": \"1.8\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/01b105ed-6ded-4a1d-894c-df85fd9351cb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"01b105ed-6ded-4a1d-894c-df85fd9351cb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage_httpsTrafficOnly\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"023217dd-81bb-461f-93ea-8799caac50c7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"This shouldn't work\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This customer's policy is attempting to append multiple tags at once. I expect it will just append one tag with a really long name\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"value\": [\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04183864-11ae-4e7a-aadb-c600e40ed1b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04183864-11ae-4e7a-aadb-c600e40ed1b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Inherit named tag from resource group\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Applies the tag value from the resource group if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[resourcegroup().tags[parameters('tagName')]]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04904947-4d10-4454-9a50-f423d590e11b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04904947-4d10-4454-9a50-f423d590e11b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : AuditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddd96d8-fccd-40cb-81d2-5072a4ed061c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddd96d8-fccd-40cb-81d2-5072a4ed061c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robga-nsgtemplate-test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddfee46-9b63-4313-a529-cfbf968d8118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddfee46-9b63-4313-a529-cfbf968d8118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akif incident - 85944710\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 85944710\\nhttps://icm.ad.msft.net/imp/v3/incidents/details/85944710/home\\n\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af12870bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af12870bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"second attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af1287abe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af1287abe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"chegg: Deploy azsecpack autoupgrade (VMSS)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*].name\",\r\n \"notEquals\": \"Microsoft.Azure.Geneva.GenevaMonitoring\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"Microsoft.Azure.Geneva.GenevaMonitoring\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"GenevaMonitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Geneva\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/enableAutomaticUpgrade\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-10-01\",\r\n \"name\": \"[concat(parameters('vmssName'), '/Microsoft.Azure.Geneva.GenevaMonitoring')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"enableAutomaticUpgrade\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ec05dac-e529-48ef-8c20-f7e6af99a12b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ec05dac-e529-48ef-8c20-f7e6af99a12b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/123c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"123c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim nsg repro\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"fix\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/14ac45e9-df97-455d-b6ee-dd216f15f694\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"14ac45e9-df97-455d-b6ee-dd216f15f694\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim-incident-86226837-fix\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"1 - reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"15358dd8-671e-4c96-be33-2b668791418f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Attempt service bus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logProfiles\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/serviceBusRuleId\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/163c640e-681c-445f-92ba-cd434bd8c11c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"163c640e-681c-445f-92ba-cd434bd8c11c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.zyx\",\r\n \"exists\": \"false\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/17d43473-870f-4bc8-93c6-3961fa1d91cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17d43473-870f-4bc8-93c6-3961fa1d91cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"peterhaugeaudit\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Testing resource group in IfNotExists (not the intent of the original policy, but looks like there's some weirdness here)\\n\\nChanged: Microsoft.Resources/subscriptions/resourceGroups to Microsoft.Resources/resourceGroups\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"name\": \"EnforceServicePrincipalAccessToDevTestLabsResourceGroups\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/19153189-4506-4910-b7bc-756e0188a6f2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"19153189-4506-4910-b7bc-756e0188a6f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit all tags\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"tags\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags\",\r\n \"value\": \"[resourceGroup().tags]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1e3c9312-c011-40a3-ac40-3bf3ddc24120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e3c9312-c011-40a3-ac40-3bf3ddc24120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource group locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Allowed resource group locations\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f20036f-28c3-48f3-9266-05d50fe391f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f20036f-28c3-48f3-9266-05d50fe391f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"docdb_aliases_test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f5360b7-fe59-43f7-8af5-825df420d09c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f5360b7-fe59-43f7-8af5-825df420d09c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ovewrites security rules with IP restrictions at the securityRule level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Limit to one protocol. The most inclusive should come last. I.e. 22;22-22;22-23\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"priority\": {\r\n \"type\": \"int\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[parameters('fullRuleName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-02-01\",\r\n \"properties\": {\r\n \"protocol\": \"*\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[last(parameters('destinationPortRanges'))]\",\r\n \"access\": \"Allow\",\r\n \"direction\": \"Inbound\",\r\n \"priority\": \"[parameters('priority')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[field('Microsoft.Network/networksecurityGroups/securityRules/priority')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"20c4afd0-8a77-4433-b8b0-4ad06e4c7111\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy NSGs on Subnets\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforce that all subnets have a Network Security Group. If a subnet does not have one an NSG with the default Internet Exposed Endpoint restrictions will be created and associated with it.\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string to apply to all automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges must not overlap.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"notEquals\": \"null\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgPrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"nsgName\": \"[concat(parameters('nsgPrefix'), '-', parameters('location'))]\",\r\n \"vnetName\": \"[split(parameters('fullResourceName'), '/')[0]]\",\r\n \"vnetResourceId\": \"[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]\",\r\n \"getVnetDeploymentName\": \"[concat('getVnet-', variables('vnetName'))]\",\r\n \"collectSubnetsDeploymentName\": \"[concat('collectSubnets-', variables('vnetName'))]\",\r\n \"overwriteVnetDeploymentName\": \"[concat('overwriteVnet-', variables('vnetName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vnetProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('vnetResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[variables('nsgName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"securityRules\": [\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Restrict\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from specific IP ranges (either corpnet or SAW)\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3997,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_AllowVnet\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from within the VNET\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"VirtualNetwork\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3998,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Deny\",\r\n \"properties\": {\r\n \"description\": \"Deny any controlled port connections that aren't explicitly allowed in higher priority rules\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 3999,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_AllowAll\",\r\n \"properties\": {\r\n \"description\": \"Allow all inbound traffic that isn't explicitly blocked by Port Lockdown restrictions\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 4000,\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectSubnetsDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_collectSubnets_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"nsgResourceId\": {\r\n \"value\": \"[resourceid('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"dependsOn\": [\r\n \"[variables('nsgName')]\"\r\n ],\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_overwriteVnet_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"updatedSubnets\": {\r\n \"value\": \"[reference(variables('collectSubnetsDeploymentName')).outputs.updatedSubnets.value]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"nsgPrefix\": {\r\n \"value\": \"[parameters('nsgPrefix')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"210ed8bd-6b07-4d5e-a62c-c34f07293288\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit all Microsoft.Web/sites/config/authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/211a466d-b2be-46e8-b029-8c28f566f118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"211a466d-b2be-46e8-b029-8c28f566f118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of a tag2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits that a required tag is present on resources\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"notcontainsKey\": \"[parameters('tagName')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24813039-7534-408a-9842-eb99f45721b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append single location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.locationTest\",\r\n \"value\": \"[parameters('allowedLocation')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin oms vm linux parameterized effect\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"263f13f4-6b88-4788-bead-34beedde70ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere strange alias in field function\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"Tags['asdasd']\",\r\n \"equals\": \"[concat('whatever', 'a')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/26556185-593c-4866-9c0c-114ac0bf6120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26556185-593c-4866-9c0c-114ac0bf6120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test guest assignment\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/28e54a72-2fd7-40d3-afe2-b05423e0147a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"28e54a72-2fd7-40d3-afe2-b05423e0147a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"2nd attempt on this policy. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"notIn\": \"[parameters('allowedLocations')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd60841400\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd60841400\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-combined\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"the combined policy attempt for both cosmos db cases. \",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"locationNames\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd6084180f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd6084180f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage ip rules append 2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.ipRules\",\r\n \"value\": [\r\n {\r\n \"value\": \"8.8.8.8\",\r\n \"action\": \"Allow\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/2b2317a7-ab02-47b5-8159-eb7e6227709f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2b2317a7-ab02-47b5-8159-eb7e6227709f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[demo] Enforce KeyVault diagnostic log storage\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"[tolower(concat('cheggkv', parameters('location')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('cheggremdemo', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/332ce4ac-9200-4573-8c66-92b85fc82c8d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"332ce4ac-9200-4573-8c66-92b85fc82c8d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_enableAutomaticFailover\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/enableAutomaticFailover\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_defaultConsistencyLevel\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/consistencyPolicy.defaultConsistencyLevel\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0b7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_readLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_writeLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_failoverPolicies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd160\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c0df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c0df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL and Managed Instance TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c144\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c144\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services vaults test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"vault\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vault\",\r\n \"description\": \"The Recovery Services Vault.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n },\r\n \"vaults\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vaults\",\r\n \"description\": \"The list of Recovery Services Vaults.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('vault')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('vaults')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b2c1b0f-63c5-4943-8578-6d37fbe411bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b2c1b0f-63c5-4943-8578-6d37fbe411bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b788cf8-ff6f-4075-86a1-ab76270790e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b788cf8-ff6f-4075-86a1-ab76270790e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3cc5820a-cbb8-4977-9c90-d90ced95f12c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3cc5820a-cbb8-4977-9c90-d90ced95f12c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Name should have prefix and suffix\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Name should have prefix and suffix\",\r\n \"parameters\": {\r\n \"prefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The prefix\",\r\n \"description\": \"The name prefix\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"suffix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The suffix\",\r\n \"description\": \"The name suffix.\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('prefix'), '*', parameters('suffix'))]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e275e2e-a157-4ade-8f91-43b3ea370007\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e275e2e-a157-4ade-8f91-43b3ea370007\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Restrict VM skus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Restricts allowed VM skus to a predefined regex\",\r\n \"parameters\": {\r\n \"allowedSkuTemplate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed VM sku template\",\r\n \"description\": \"The VM sku template. Supports wildcards via '*'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"like\": \"[parameters('allowedSkuTemplate')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e34c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e34c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKU\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits the use of storage account SKUs that don't meet organizational cost policy.\",\r\n \"parameters\": {\r\n \"listOfAllowedSkus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of allowed SKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSkus')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e3682\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e3682\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaDataFactoryTest1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"RobgaDataFactoryTest\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataFactory/factories\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/robgatestworkspace/providers/Microsoft.OperationalInsights/workspaces/robgatestworkspace\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce autoUpgrade on VM/VMSS extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies any VM or VMSS extensions that do not have autoUpgradeMinorVersion set to true.\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f772\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f772\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically enabled autoUpgradeMinorVersion on VM extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f783\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f783\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM scale set extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically appends autoUpgradeMinorVersion=true to VMSS extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f7a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f7a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService must use serverFarm\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService serverFarm must have capacity > 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/serverFarms\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/serverFarms/sku.capacity\",\r\n \"in\": [\r\n \"0\",\r\n \"1\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc23\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc23\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Do_Not_Delete\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy is used for unit tests. Please do not delete it.\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4a0425e4-97bf-4ad0-ab36-145b94083c60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny MySQL firewallRules starting with 0\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4b94c320-ce63-4fb6-ba9d-7dbe648b90de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4b94c320-ce63-4fb6-ba9d-7dbe648b90de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83686598\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"deny the creation of storage if supportsHttpsTrafficOnly is false\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"detect 'allow All' NSG rule\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c915617-16f0-4c62-b021-e66d5409d11d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c915617-16f0-4c62-b021-e66d5409d11d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332195\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332199\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332199\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny storage container creation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts/blobServices/containers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4d2f8837-7acb-4488-b580-95960ee3f116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d2f8837-7acb-4488-b580-95960ee3f116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure auto-created NSG rules exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ensures that security rules created in auto-created PortLockdown NSGs are not tampered with\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string applied to automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to in the expected security rule. I.e. 192.4.0.0/8;192.5.0.0/8 or *\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions in the expected security rule\"\r\n }\r\n },\r\n \"priority\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected priority\",\r\n \"description\": \"The priority of the expected security rule.\"\r\n }\r\n },\r\n \"access\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected access\",\r\n \"description\": \"The access (allow/deny) of the expected security rule.\"\r\n },\r\n \"allowedValues\": [\r\n \"Allow\",\r\n \"Deny\"\r\n ]\r\n },\r\n \"name\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected name\",\r\n \"description\": \"The name of the expected security rule.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('nsgPrefix'), '-', field('location'))]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"equals\": \"[parameters('priority')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"[parameters('access')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"name\": {\r\n \"type\": \"string\"\r\n },\r\n \"priority\": {\r\n \"type\": \"string\"\r\n },\r\n \"access\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"isSinglePrefix\": \"[equals(count(parameters('sourceAddressPrefixes')), 1)]\",\r\n \"isSinglePortRange\": \"[equals(count(parameters('destinationPortRanges')), 1)]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('nsgName'), '/', parameters('name'))]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"properties\": {\r\n \"description\": \"Rule auto-created by Internet Exposed Endpoints protection\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[if(variables('isSinglePortRange'), first(parameters('destinationPortRanges')), '')]\",\r\n \"destinationPortRanges\": \"[if(not(variables('isSinglePortRange')), parameters('destinationPortRanges'), json('[]'))]\",\r\n \"sourceAddressPrefix\": \"[if(variables('isSinglePrefix'), first(parameters('sourceAddressPrefixes')), '')]\",\r\n \"sourceAddressPrefixes\": \"[if(not(variables('isSinglePrefix')), parameters('sourceAddressPrefixes'), json('[]'))]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"[parameters('access')]\",\r\n \"priority\": \"[int(parameters('priority'))]\",\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"name\": {\r\n \"value\": \"[parameters('name')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[parameters('priority')]\"\r\n },\r\n \"access\": {\r\n \"value\": \"[parameters('access')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f283ec4-25a9-46df-bbf2-806ed5a3e115\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rs defaultvalue backslash\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Extensions to Exclude\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \".FWD;.GSC;.GSE;.MYD;.MYI;.SMD;.VAC;.BAK;.CHK;.FRM;.LDF;.LOG;.MBX;.MDF;.NDF;.TRN;.UND;.UNF;.UNH;.UNI;.UNQ;.UNS;.VHD;.VMDX;.WCI;.EDB;.SDS\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Paths to Exclude\",\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Sysvol;C:\\\\ProgramData\\\\Microsoft\\\\SharePoint;C:\\\\Program Files\\\\Common Files\\\\Microsoft Shared\\\\Web Server Extensions;C:\\\\Program Files\\\\Operations Manager;C:\\\\Program Files\\\\Microsoft Monitoring Agent;C:\\\\Program Files\\\\Microsoft Office Servers;C:\\\\Program Files\\\\Microsoft System Center 2012 R2\\\\Server;C:\\\\Program Files\\\\System Center Operations Manager;C:\\\\Program Files\\\\System Center Operations Manager 2007;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\NTDS;C:\\\\Windows\\\\System32\\\\LogFiles;C:\\\\Windows\\\\Sysvol;C:\\\\Program Files\\\\Double-Take Software;C:\\\\Program Files\\\\DoubleTake;C:\\\\Program Files\\\\Exchsrvr;C:\\\\Program Files\\\\Ipswitch;C:\\\\Program Files\\\\LogMeIn;C:\\\\Windows\\\\SoftwareDistribution\\\\Datastore;C:\\\\Windows\\\\Temp\\\\Gthrsvc\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Processes to Exclude\",\r\n \"description\": \"Semicolon delimited list of processes to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"HealthService.exe;ManagementService.exe;Microsoft.Mom.Sdk.Service.exe;Microsoft.Mom.ConfigServiceHost.exe;MonitoringHost.exe;pagefile.sys\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable real time protection\",\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Scheduled scans\",\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n },\r\n \"defaultValue\": \"false\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Scheduled Scan Type\",\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n },\r\n \"defaultValue\": \"Quick\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Day of Scheduled Scan\",\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n },\r\n \"defaultValue\": \"7\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Time of Scheduled Scan\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"120\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"value\": \"[parameters('ExclusionsExtensions')]\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"value\": \"[parameters('ExclusionsPaths')]\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"value\": \"[parameters('ExclusionsProcesses')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"[parameters('RealtimeProtectionEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsIsEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsDay')]\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsTime')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50877efd-8dd9-43d5-b4e6-3b70e64311b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50877efd-8dd9-43d5-b4e6-3b70e64311b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy key vault KV_B if key vault KV_A does not exist.\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy will deploy a key vault named KV_B if a key vault named KV_A does not exist.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"KV_B\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-10-01\",\r\n \"name\": \"KV_A\",\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"location\": \"eastus2\",\r\n \"properties\": {\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"sku\": {\r\n \"family\": \"A\",\r\n \"name\": \"standard\"\r\n },\r\n \"accessPolicies\": []\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50e2972e-143c-4edf-9ef6-bee0f84212d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaTestRbac\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Authorization/roleAssignments/principalId\",\r\n \"equals\": \"Admin\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/560482cd-dac5-41e6-9cef-b0aecd6020de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"560482cd-dac5-41e6-9cef-b0aecd6020de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : definition param with assignPermissions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/57ef268f-b414-436a-9894-125a81d80b30\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"57ef268f-b414-436a-9894-125a81d80b30\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhAuditLocation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit if not west us\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5948d091-78b7-4d3b-a404-cc6a0329b0c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5948d091-78b7-4d3b-a404-cc6a0329b0c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"deployifnotexist template alias tests - redis\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/Redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/sku.family\",\r\n \"equals\": \"C\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"Whatever*\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"type\": \"string\"\r\n },\r\n \"nameField\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuFamilyOut\": {\r\n \"value\": \"[parameters('skuFamily')]\",\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPortOut\": {\r\n \"value\": \"[parameters('enableNonSslPort')]\",\r\n \"type\": \"string\"\r\n },\r\n \"nameFieldOut\": {\r\n \"value\": \"[parameters('nameField')]\",\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/sku.family')]\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/enableNonSslPort')]\"\r\n },\r\n \"nameField\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"exists\": \" false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca376\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca376\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86318519\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86318519\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallrules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"AllowAllWindowsAzureIps\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca600\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca600\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"exists\": \"true\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"notIn\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca8d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca8d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Test storage alias\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Test storage alias\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"type\": \"string\"\r\n },\r\n \"encrypt\": {\r\n \"type\": \"string\"\r\n },\r\n \"accessTier\": {\r\n \"type\": \"string\"\r\n },\r\n \"skuName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuNameOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('skuName')]\"\r\n },\r\n \"accessTierOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('accessTier')]\"\r\n },\r\n \"httpsOnlyOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('httpsOnly')]\"\r\n },\r\n \"encryptOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('encrypt')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly')]\"\r\n },\r\n \"encrypt\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/enableBlobEncryption')]\"\r\n },\r\n \"accessTier\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/accessTier')]\"\r\n },\r\n \"skuName\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/sku.name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5fa69139-9a49-464e-90b5-0d243a469138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5fa69139-9a49-464e-90b5-0d243a469138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit costcenter tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"value\": \"[resourceGroup().tags.CostCenter]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6ced0d17-98f3-41e2-8038-08c8f4fb90e3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6ced0d17-98f3-41e2-8038-08c8f4fb90e3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim Apply allowed tag and its default value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"3\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n },\r\n \"allowedValues\": [\r\n \"TagA\",\r\n \"TagB\"\r\n ]\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6d1735de-f3e3-4c40-a8b2-7b3a1042a895\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6d1735de-f3e3-4c40-a8b2-7b3a1042a895\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": null\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"3\"\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"Metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The metric operator.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"The timeAggregation.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"The window size.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"The evaluation frequency.\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The action group id.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('alertNamePrefix'), '*')]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(toLower(parameters('alertNamePrefix')), uniqueString(resourceGroup().id))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6f2c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6f2c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testImageId\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"css\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"contains\": \"resourceGroups/testSandipsh\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/70dc1e8d-61c9-4089-8bf5-895b227c1298\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"70dc1e8d-61c9-4089-8bf5-895b227c1298\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"policyTrackedResources-sdk-tests\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"notIn\": [\r\n \"policyTrackedResources-sdk-tests-rule1\",\r\n \"policyTrackedResources-sdk-tests-rule2\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule1')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule2')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2001,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny if blob is not encrypted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/74d5cf40-7293-46a4-a285-7ea971e3719a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"74d5cf40-7293-46a4-a285-7ea971e3719a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Location restriction\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Policy to force allocations to a set of given locations\",\r\n \"metadata\": {\r\n \"category\": \"cstack\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/763dcd1d-a4a9-46a8-8bd3-357c4533a335\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"763dcd1d-a4a9-46a8-8bd3-357c4533a335\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83577342 deny proxy resource location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/83577342/home\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"eastus\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingjobs/transformations\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/77429b44-aac1-4417-a53e-6900c07e11ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"77429b44-aac1-4417-a53e-6900c07e11ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Block TLS < 1.2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/slots/config\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\r\n \"notEquals\": \"1.2\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/78c5df31-2f05-4f4d-acfe-3e536d88c1bc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"78c5df31-2f05-4f4d-acfe-3e536d88c1bc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny ActiveDirectory administrators\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/administrators/administratorType\",\r\n \"equals\": \"ActiveDirectory\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash weird chars\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR!@#$%^&*()_+=-{}[];:',.<>?~`/;C:\\\\hello\\\\there\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7f4d769f-78db-46eb-ac3c-0b8214f8c245\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f4d769f-78db-46eb-ac3c-0b8214f8c245\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock v2\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/83daa8ee-7c9a-470c-81a8-5a99ac09d134\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83daa8ee-7c9a-470c-81a8-5a99ac09d134\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"northwell.io\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/86cd412c-c557-473b-984c-a5f15cdcb116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86cd412c-c557-473b-984c-a5f15cdcb116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Parameterized effect (if location != eastus)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The policy effect.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"eastus\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"885f1dcb-a9c5-4c8c-8996-2702db44a2d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.xyz\",\r\n \"exists\": false\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8959fd87-c1dd-4831-9034-a4f876bee1cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8959fd87-c1dd-4831-9034-a4f876bee1cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Kubernetes ingress policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Only specified ingress is allowed based on names\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere applicability test 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/whatever\"\r\n },\r\n {\r\n \"field\": \"tags.applicability\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8e6b598c-1a45-404b-97dd-983e37c040da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8e6b598c-1a45-404b-97dd-983e37c040da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_ipRangeFilter\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9012b1cd-b045-46c6-a510-6137e06a009c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elperetest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"value\": \"[resourceGroup().tags['Hyphen-test']]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9389a21b-2134-414a-a579-e9f2709b2131\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9389a21b-2134-414a-a579-e9f2709b2131\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash (array)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": [\r\n \"C:\\\\rs-pkgs\",\r\n \"C:\\\\System Volume Information\\\\DFSR\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/985adbc0-6d2e-448a-ac26-89d3688191d5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"985adbc0-6d2e-448a-ac26-89d3688191d5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github209\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/virtualNetworkRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9a060c03-fda7-4b0a-b4da-15e2b7e4d117\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9a060c03-fda7-4b0a-b4da-15e2b7e4d117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - Subscription Lvl test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Subscriptionlevel auditIfNotExist policy\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a1b067c8-2970-4c0b-b0da-31ae7f33d1de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1b067c8-2970-4c0b-b0da-31ae7f33d1de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Noop\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Don't do anything\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a309ad64-0bae-48d9-a6b1-d99c0b4218b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a309ad64-0bae-48d9-a6b1-d99c0b4218b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyof\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a337c781-c7d8-4e12-ae69-1951c7e74378\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a337c781-c7d8-4e12-ae69-1951c7e74378\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127 - better\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\",\r\n \"Deny\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"81196380\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure https traffic only for storage account\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure https traffic only for storage account\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscription name tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"add subscription name tag\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionname\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionname\",\r\n \"value\": \"[subscription().displayName]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d82a2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d82a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Add subscription \\\"id\\\" tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.id\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.id\",\r\n \"value\": \"[subscription().id]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8339\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8339\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscriptionId tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionId\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionId\",\r\n \"value\": \"[subscription().subscriptionId]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8635\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8635\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaNSGtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/aeb6a524-e3d1-4b8a-afa8-26ae4e291116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aeb6a524-e3d1-4b8a-afa8-26ae4e291116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed Location Indexed\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"hackathon policy\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Allowed-Locations-Indexed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Allowed-Locations-Indexed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if antiMalware extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy audits if the anti malware extension .\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/antiMalwareExtensionExists\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"antiMalwareExtensionExists\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Web socket must be disabled on App Services\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures web sockets are disabled on App Services.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/AppServiceWebSockets\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"AppServiceWebSockets\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure Security Center must be enabled\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures Azure Security Center is enabled.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ASCEnabled\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ASCEnabled\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and it's value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and its value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits if a required extension doesn't exist.\",\r\n \"parameters\": {\r\n \"publisher\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The publisher of the extension\",\r\n \"displayName\": \"Extension Publisher\"\r\n }\r\n },\r\n \"type\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The type of the extension\",\r\n \"displayName\": \"Extension Type\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"[parameters('publisher')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"[parameters('type')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/audit-vm-extension\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"audit-vm-extension\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CanCrudPolicyAssignment Policy Definition $[Auto Test]\",\r\n \"policyType\": \"Custom\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"ResourceProviderTestHost/TestResourceType/TestResourceTypeNestedOne/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/azsmnet6487\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"azsmnet6487\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"89322663 audit diag setting\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"description\": \"The list of resources types to audit for missing diagnostic log settings.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"details\": {\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"equals\": \"true\",\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\"\r\n }\r\n ]\r\n },\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\"\r\n },\r\n \"effect\": \"AuditIfNotExists\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b350b9b0-8ba5-4867-bc9c-63b4544671b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b350b9b0-8ba5-4867-bc9c-63b4544671b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"makharchtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"policy\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b36f6195-0fc5-4a41-bbce-875248400f5f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b36f6195-0fc5-4a41-bbce-875248400f5f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash really long string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b9203c56-0565-434a-a315-87f4da9f21b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b9203c56-0565-434a-a315-87f4da9f21b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"NSG Rules exists test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].protocol\",\r\n \"notLike\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/bb6a78ae-8737-41e0-9c41-cc777c8c00a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bb6a78ae-8737-41e0-9c41-cc777c8c00a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"Category\": \"Flintstones\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/BedrockPolicy\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"BedrockPolicy\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c0f586f1-abe5-4801-8588-7332e49e60c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c0f586f1-abe5-4801-8588-7332e49e60c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"234\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logprofiles\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/logprofiles\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Doublecheck the lifecycle tag policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy refers to tags['Lifecycle'], which with the current implementation of the escaped tags syntax will refer to a tag named 'Lifecycle' (quotes and all). This is a customer policy that would be broken when I switch the meaning of tags['Lifecycle'] to refer simply to a tag named Lifecycle (no quotes)\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['Lifecycle']\",\r\n \"notIn\": [\r\n \"dev\",\r\n \"tst\",\r\n \"stg\",\r\n \"prd\",\r\n \"trn\",\r\n \"prf\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c6be98a9-8108-40aa-b726-d2ae8e2891b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c6be98a9-8108-40aa-b726-d2ae8e2891b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe resource group auditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c7b9982d-2f50-4730-935f-5c241982a441\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c7b9982d-2f50-4730-935f-5c241982a441\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed resource types\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": \"The list of allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('allowedTypes')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c872f951-1c5d-4c61-89dd-aee2350a11ba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8b79b49-a579-4045-984e-1b249ab8b474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8cedfaa-4aa0-465a-8b90-49caf8177158\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8cedfaa-4aa0-465a-8b90-49caf8177158\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere css block NSG changes\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/95894791/home\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"nsgName\",\r\n \"description\": \"The name of the NSG.\"\r\n },\r\n \"defaultValue\": \"nsgName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('nsgName')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"fullName\",\r\n \"like\": \"[concat(parameters('nsgName'), '/*')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ca01432d-4278-45a6-8137-69f2155d2248\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ca01432d-4278-45a6-8137-69f2155d2248\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin empty string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure resource names meet the like condition for a pattern.\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"namePattern\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"namePattern\",\r\n \"description\": \"Pattern to use for names. Can include wildcard (*).\"\r\n },\r\n \"allowedValues\": [\r\n \"\",\r\n \"one\",\r\n \"two\"\r\n ],\r\n \"defaultValue\": \"\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('namePattern')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"camarvin-test-empty-assign\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere append 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.test\",\r\n \"value\": \"1\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny on 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.test\",\r\n \"equals\": \"1\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Resource name contains resource group name\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Require resources to contain the resource group's name\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"notContains\": \"[resourceGroup().name]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/contain-resource-group-name\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"contain-resource-group-name\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v3\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"third attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5002\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-deployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5632\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5632\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce KeyVault diagnostic log storage (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"elperetest\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('elpere', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d0d9349d-843c-443a-9f27-5ce84f08c37e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d0d9349d-843c-443a-9f27-5ce84f08c37e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere template paramters function tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"testing strange array behavior\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"contains\": \"lmao\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"String\"\r\n },\r\n \"dataDisks\": {\r\n \"type\": \"object\"\r\n },\r\n \"osDisk\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmVar\": \"[parameters('vmName')]\",\r\n \"dataDisksVar\": \"[parameters('dataDisks')]\"\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vmNameOut\": {\r\n \"value\": \"[variables('vmVar')]\",\r\n \"type\": \"String\"\r\n },\r\n \"dataDisksOut\": {\r\n \"value\": \"[concat(array(parameters('osDisk')), if(empty(parameters('dataDisks').rawValue), parameters('dataDisks').emptyArray, array(parameters('dataDisks').rawValue)))]\",\r\n \"type\": \"array\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"dataDisks\": {\r\n \"value\": {\r\n \"rawValue\": \"[field('Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.id')]\",\r\n \"emptyArray\": []\r\n }\r\n },\r\n \"osDisk\": {\r\n \"value\": \"[field('Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.id')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d2532053-bf59-4095-a1ae-2b7e4744f119\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d2532053-bf59-4095-a1ae-2b7e4744f119\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Access KV as part of remidiation deployment test (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"hello\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"outputs\": {\r\n \"testSecretOutput\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('testSecret')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"reference\": {\r\n \"keyVault\": {\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/elpere/providers/Microsoft.KeyVault/vaults/elpereKv\"\r\n },\r\n \"secretName\": \"test\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d35ce9be-f51b-4d3e-bc7f-dde2936381b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d35ce9be-f51b-4d3e-bc7f-dde2936381b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - inv\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"inv \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"functionId\": \"subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourcegroups/AKif2WebApp/providers/Microsoft.Logic/workflows/deneme\",\r\n \"payload\": {\r\n \"locations\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d54722e7-4665-47ce-9a82-2f96cebfe238\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d54722e7-4665-47ce-9a82-2f96cebfe238\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - incident - gardner\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"name\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"text\": {\r\n \"type\": \"string\",\r\n \"value\": \"Policy executed for resource [parameters('name')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"name\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d54722e7-4665-47ce-9a82-2f96cebfe353\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d54722e7-4665-47ce-9a82-2f96cebfe353\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs (NSG level)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Overwrites security rules with IP restrictions at the NSG level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges may overlap.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"getNsgDeploymentName\": \"[concat('getNSGContent-', parameters('nsgName'))]\",\r\n \"collectorDeploymentName\": \"[concat('collectRules-', parameters('nsgName'))]\",\r\n \"overwriteNsgDeploymentName\": \"[concat('overwriteNsg-', parameters('nsgName'))]\",\r\n \"nsgResourceId\": \"[resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"nsgProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('nsgResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectorDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_collectRules_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"nsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"portRangesToRestrict\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_overwriteNSG_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"originalNsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"updatedSecurityRules\": {\r\n \"value\": \"[reference(variables('collectorDeploymentName')).outputs.updatedSecurityRules.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d7b13c30-e6aa-47e1-b50a-8e33f152d086\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7126\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e712b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7130\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7135\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e713a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Audited skus\",\r\n \"description\": \"The list of skus.\",\r\n \"strongType\": \"storageSkus\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e90ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e90ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List Of Allowed SKUs\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"vmSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e9170\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e9170\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[elpere] deployIfNotExists Runners test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"deployIfNotExistsTestsRule\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/deployIfNotExistsTestsRule')]\",\r\n \"properties\": {\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbfa9fc0-5202-4001-8759-1aa2387f825b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"allowedOS\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"test_sandipsh\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedWindows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Windows VMs\",\r\n \"description\": \"The list of allowed VMs for Windows.\"\r\n }\r\n },\r\n \"listOfAllowedUbuntus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Ubuntu VMs\",\r\n \"description\": \"The list of allowed VMs for Ubuntu.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/disks\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"Canonical\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"UbuntuServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedUbuntus')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedWindows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services backup policies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"policies\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policies\",\r\n \"description\": \"The list of allowed Recovery Services backup policies.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n },\r\n \"policy\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policy\",\r\n \"description\": \"Allowed Recovery Services backup policy.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('policies')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('policy')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e3f9a624-b17d-4dc8-9649-65814d3241bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3f9a624-b17d-4dc8-9649-65814d3241bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"authSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their logs config\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"logs\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny changing sites authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"defaultValue: all parameters\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"defaultValue\"\r\n },\r\n \"parameters\": {\r\n \"locations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array)\",\r\n \"description\": \"The list of locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": [\r\n \"eastus\",\r\n \"westus\"\r\n ]\r\n },\r\n \"location\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string)\",\r\n \"description\": \"The location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"resourceGroups\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array)\",\r\n \"description\": \"The list of resource groups.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": [\r\n \"camarvin\"\r\n ]\r\n },\r\n \"resourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string)\",\r\n \"description\": \"The resource group.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": \"camarvin\"\r\n },\r\n \"tags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array)\",\r\n \"description\": \"The list of tags.\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"tag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string)\",\r\n \"description\": \"The tag.\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array, av)\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": [\r\n \"eastus\"\r\n ]\r\n },\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string, av)\",\r\n \"description\": \"The allowed location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"allowedStorageSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array, av)\",\r\n \"description\": \"The list of allowed storage SKUs for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ]\r\n },\r\n \"allowedStorageSKU\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string, av)\",\r\n \"description\": \"The allowed storage SKU for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": \"Standard_LRS\"\r\n },\r\n \"allowedTags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array, av)\",\r\n \"description\": \"The list of allowed tags.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ]\r\n },\r\n \"allowedTag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string, av)\",\r\n \"description\": \"The allowed tag.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": \"FirstName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('locations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('resourceGroups')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('resourceGroup')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('tags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('tag')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedStorageSkus')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"Equals\": \"[parameters('allowedStorageSku')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedTags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"NotEquals\": \"[parameters('allowedTag')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ea1688b3-022e-4add-af39-2fe60689a3b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny \\\"Allow All\\\" NSG rules\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies the creation of sourceAddressPrefix=\\\"*\\\", destinationPortRange=\\\"*\\\" NSG security rules\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"PortLockdown_AllowAll\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"notEquals\": \"4000\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github264\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/siteAuthSettings.enabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ef00ee9d-fe45-4d14-8bee-789eea392116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef00ee9d-fe45-4d14-8bee-789eea392116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhTestTagWithHyphen5\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"GokmenhTestTagWithHyphen5\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"value\": \"[resourceGroup().tags['Hyphen-test']]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/f2320be5-23be-4b58-8d8e-08c3044dd60f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f2320be5-23be-4b58-8d8e-08c3044dd60f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy enables you to audit your location.\",\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/LocationAuditDefinition\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"LocationAuditDefinition\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"northeurope\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/policy2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"policy2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps6386\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps6386\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9652\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9652\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9867\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9867\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test policy\",\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testSandipsh.draft\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testSandipsh.draft\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testtest\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"testtest\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testtest\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testtest\"\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { @@ -91,17 +91,17 @@ "Vary": [ "Accept-Encoding" ], - "x-ms-ratelimit-remaining-subscription-reads": [ - "11995" + "x-ms-correlation-request-id": [ + "9da1fb79-61f5-45a2-b77b-271639b8d767" ], "x-ms-request-id": [ - "westus2:0666a18d-5970-4f50-83aa-22f164a65d9d" + "westus2:6ecd73e6-cfe4-4153-80c2-a84f435b0b8d" ], - "x-ms-correlation-request-id": [ - "ab19362a-df15-49e4-bf8d-33327755291d" + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T214032Z:ab19362a-df15-49e4-bf8d-33327755291d" + "WESTUS2:20190116T193700Z:9da1fb79-61f5-45a2-b77b-271639b8d767" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -110,10 +110,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:40:32 GMT" + "Wed, 16 Jan 2019 19:36:59 GMT" ], "Content-Length": [ - "439489" + "487308" ], "Content-Type": [ "application/json; charset=utf-8" @@ -125,7 +125,7 @@ "0" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage_httpsTrafficOnly\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"023217dd-81bb-461f-93ea-8799caac50c7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"This shouldn't work\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This customer's policy is attempting to append multiple tags at once. I expect it will just append one tag with a really long name\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"value\": [\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04183864-11ae-4e7a-aadb-c600e40ed1b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04183864-11ae-4e7a-aadb-c600e40ed1b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Inherit named tag from resource group\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Applies the tag value from the resource group if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[resourcegroup().tags[parameters('tagName')]]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04904947-4d10-4454-9a50-f423d590e11b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04904947-4d10-4454-9a50-f423d590e11b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robga-nsgtemplate-test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddfee46-9b63-4313-a529-cfbf968d8118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddfee46-9b63-4313-a529-cfbf968d8118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akif incident - 85944710\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 85944710\\nhttps://icm.ad.msft.net/imp/v3/incidents/details/85944710/home\\n\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af12870bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af12870bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"second attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af1287abe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af1287abe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/123c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"123c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim nsg repro\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"fix\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/14ac45e9-df97-455d-b6ee-dd216f15f694\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"14ac45e9-df97-455d-b6ee-dd216f15f694\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim-incident-86226837-fix\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"1 - reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"15358dd8-671e-4c96-be33-2b668791418f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Attempt service bus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logProfiles\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/serviceBusRuleId\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/163c640e-681c-445f-92ba-cd434bd8c11c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"163c640e-681c-445f-92ba-cd434bd8c11c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.zyx\",\r\n \"exists\": \"false\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/17d43473-870f-4bc8-93c6-3961fa1d91cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17d43473-870f-4bc8-93c6-3961fa1d91cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit all tags\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"tags\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags\",\r\n \"value\": \"[resourceGroup().tags]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1e3c9312-c011-40a3-ac40-3bf3ddc24120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e3c9312-c011-40a3-ac40-3bf3ddc24120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource group locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Allowed resource group locations\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f20036f-28c3-48f3-9266-05d50fe391f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f20036f-28c3-48f3-9266-05d50fe391f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"docdb_aliases_test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f5360b7-fe59-43f7-8af5-825df420d09c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f5360b7-fe59-43f7-8af5-825df420d09c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ovewrites security rules with IP restrictions at the securityRule level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Limit to one protocol. The most inclusive should come last. I.e. 22;22-22;22-23\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"priority\": {\r\n \"type\": \"int\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[parameters('fullRuleName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-02-01\",\r\n \"properties\": {\r\n \"protocol\": \"*\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[last(parameters('destinationPortRanges'))]\",\r\n \"access\": \"Allow\",\r\n \"direction\": \"Inbound\",\r\n \"priority\": \"[parameters('priority')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[field('Microsoft.Network/networksecurityGroups/securityRules/priority')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"20c4afd0-8a77-4433-b8b0-4ad06e4c7111\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy NSGs on Subnets\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforce that all subnets have a Network Security Group. If a subnet does not have one an NSG with the default Internet Exposed Endpoint restrictions will be created and associated with it.\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string to apply to all automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges must not overlap.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"notEquals\": \"null\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgPrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"nsgName\": \"[concat(parameters('nsgPrefix'), '-', parameters('location'))]\",\r\n \"vnetName\": \"[split(parameters('fullResourceName'), '/')[0]]\",\r\n \"vnetResourceId\": \"[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]\",\r\n \"getVnetDeploymentName\": \"[concat('getVnet-', variables('vnetName'))]\",\r\n \"collectSubnetsDeploymentName\": \"[concat('collectSubnets-', variables('vnetName'))]\",\r\n \"overwriteVnetDeploymentName\": \"[concat('overwriteVnet-', variables('vnetName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vnetProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('vnetResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[variables('nsgName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"securityRules\": [\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Restrict\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from specific IP ranges (either corpnet or SAW)\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3997,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_AllowVnet\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from within the VNET\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"VirtualNetwork\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3998,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Deny\",\r\n \"properties\": {\r\n \"description\": \"Deny any controlled port connections that aren't explicitly allowed in higher priority rules\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 3999,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_AllowAll\",\r\n \"properties\": {\r\n \"description\": \"Allow all inbound traffic that isn't explicitly blocked by Port Lockdown restrictions\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 4000,\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectSubnetsDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_collectSubnets_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"nsgResourceId\": {\r\n \"value\": \"[resourceid('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"dependsOn\": [\r\n \"[variables('nsgName')]\"\r\n ],\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_overwriteVnet_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"updatedSubnets\": {\r\n \"value\": \"[reference(variables('collectSubnetsDeploymentName')).outputs.updatedSubnets.value]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"nsgPrefix\": {\r\n \"value\": \"[parameters('nsgPrefix')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"210ed8bd-6b07-4d5e-a62c-c34f07293288\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit all Microsoft.Web/sites/config/authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/211a466d-b2be-46e8-b029-8c28f566f118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"211a466d-b2be-46e8-b029-8c28f566f118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of a tag2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits that a required tag is present on resources\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"notcontainsKey\": \"[parameters('tagName')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24813039-7534-408a-9842-eb99f45721b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append single location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.locationTest\",\r\n \"value\": \"[parameters('allowedLocation')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin oms vm linux parameterized effect\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"263f13f4-6b88-4788-bead-34beedde70ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test guest assignment\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/28e54a72-2fd7-40d3-afe2-b05423e0147a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"28e54a72-2fd7-40d3-afe2-b05423e0147a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"2nd attempt on this policy. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"notIn\": \"[parameters('allowedLocations')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd60841400\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd60841400\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-combined\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"the combined policy attempt for both cosmos db cases. \",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"locationNames\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd6084180f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd6084180f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage ip rules append 2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.ipRules\",\r\n \"value\": [\r\n {\r\n \"value\": \"8.8.8.8\",\r\n \"action\": \"Allow\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/2b2317a7-ab02-47b5-8159-eb7e6227709f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2b2317a7-ab02-47b5-8159-eb7e6227709f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[demo] Enforce KeyVault diagnostic log storage\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"[tolower(concat('cheggkv', parameters('location')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('cheggremdemo', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/332ce4ac-9200-4573-8c66-92b85fc82c8d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"332ce4ac-9200-4573-8c66-92b85fc82c8d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_enableAutomaticFailover\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/enableAutomaticFailover\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_defaultConsistencyLevel\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/consistencyPolicy.defaultConsistencyLevel\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0b7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_readLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_writeLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_failoverPolicies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd160\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c0df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c0df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL and Managed Instance TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c144\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c144\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services vaults test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"vault\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vault\",\r\n \"description\": \"The Recovery Services Vault.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n },\r\n \"vaults\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vaults\",\r\n \"description\": \"The list of Recovery Services Vaults.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('vault')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('vaults')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b2c1b0f-63c5-4943-8578-6d37fbe411bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b2c1b0f-63c5-4943-8578-6d37fbe411bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b788cf8-ff6f-4075-86a1-ab76270790e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b788cf8-ff6f-4075-86a1-ab76270790e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3cc5820a-cbb8-4977-9c90-d90ced95f12c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3cc5820a-cbb8-4977-9c90-d90ced95f12c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Name should have prefix and suffix\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Name should have prefix and suffix\",\r\n \"parameters\": {\r\n \"prefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The prefix\",\r\n \"description\": \"The name prefix\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"suffix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The suffix\",\r\n \"description\": \"The name suffix.\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('prefix'), '*', parameters('suffix'))]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e275e2e-a157-4ade-8f91-43b3ea370007\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e275e2e-a157-4ade-8f91-43b3ea370007\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Restrict VM skus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Restricts allowed VM skus to a predefined regex\",\r\n \"parameters\": {\r\n \"allowedSkuTemplate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed VM sku template\",\r\n \"description\": \"The VM sku template. Supports wildcards via '*'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"like\": \"[parameters('allowedSkuTemplate')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e34c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e34c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKU\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits the use of storage account SKUs that don't meet organizational cost policy.\",\r\n \"parameters\": {\r\n \"listOfAllowedSkus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of allowed SKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSkus')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e3682\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e3682\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaDataFactoryTest1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"RobgaDataFactoryTest\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataFactory/factories\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/robgatestworkspace/providers/Microsoft.OperationalInsights/workspaces/robgatestworkspace\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce autoUpgrade on VM/VMSS extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies any VM or VMSS extensions that do not have autoUpgradeMinorVersion set to true.\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f772\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f772\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically enabled autoUpgradeMinorVersion on VM extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f783\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f783\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM scale set extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically appends autoUpgradeMinorVersion=true to VMSS extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f7a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f7a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService must use serverFarm\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService serverFarm must have capacity > 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/serverFarms\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/serverFarms/sku.capacity\",\r\n \"in\": [\r\n \"0\",\r\n \"1\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc23\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc23\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Definition to be deleted.\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy will deploy a key vault named KV_B if a key vault named KV_A does not exist.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"KV_B\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-10-01\",\r\n \"name\": \"KV_A\",\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"location\": \"eastus2\",\r\n \"properties\": {\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"sku\": {\r\n \"family\": \"A\",\r\n \"name\": \"standard\"\r\n },\r\n \"accessPolicies\": []\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/48ba81c1-0012-4796-8166-c2efb4304190\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48ba81c1-0012-4796-8166-c2efb4304190\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Do_Not_Delete\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy is used for unit tests. Please do not delete it.\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4a0425e4-97bf-4ad0-ab36-145b94083c60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny MySQL firewallRules starting with 0\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4b94c320-ce63-4fb6-ba9d-7dbe648b90de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4b94c320-ce63-4fb6-ba9d-7dbe648b90de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83686598\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"deny the creation of storage if supportsHttpsTrafficOnly is false\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"detect 'allow All' NSG rule\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c915617-16f0-4c62-b021-e66d5409d11d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c915617-16f0-4c62-b021-e66d5409d11d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332195\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332199\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332199\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny storage container creation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts/blobServices/containers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4d2f8837-7acb-4488-b580-95960ee3f116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d2f8837-7acb-4488-b580-95960ee3f116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure auto-created NSG rules exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ensures that security rules created in auto-created PortLockdown NSGs are not tampered with\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string applied to automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to in the expected security rule. I.e. 192.4.0.0/8;192.5.0.0/8 or *\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions in the expected security rule\"\r\n }\r\n },\r\n \"priority\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected priority\",\r\n \"description\": \"The priority of the expected security rule.\"\r\n }\r\n },\r\n \"access\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected access\",\r\n \"description\": \"The access (allow/deny) of the expected security rule.\"\r\n },\r\n \"allowedValues\": [\r\n \"Allow\",\r\n \"Deny\"\r\n ]\r\n },\r\n \"name\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected name\",\r\n \"description\": \"The name of the expected security rule.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('nsgPrefix'), '-', field('location'))]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"equals\": \"[parameters('priority')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"[parameters('access')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"name\": {\r\n \"type\": \"string\"\r\n },\r\n \"priority\": {\r\n \"type\": \"string\"\r\n },\r\n \"access\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"isSinglePrefix\": \"[equals(count(parameters('sourceAddressPrefixes')), 1)]\",\r\n \"isSinglePortRange\": \"[equals(count(parameters('destinationPortRanges')), 1)]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('nsgName'), '/', parameters('name'))]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"properties\": {\r\n \"description\": \"Rule auto-created by Internet Exposed Endpoints protection\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[if(variables('isSinglePortRange'), first(parameters('destinationPortRanges')), '')]\",\r\n \"destinationPortRanges\": \"[if(not(variables('isSinglePortRange')), parameters('destinationPortRanges'), json('[]'))]\",\r\n \"sourceAddressPrefix\": \"[if(variables('isSinglePrefix'), first(parameters('sourceAddressPrefixes')), '')]\",\r\n \"sourceAddressPrefixes\": \"[if(not(variables('isSinglePrefix')), parameters('sourceAddressPrefixes'), json('[]'))]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"[parameters('access')]\",\r\n \"priority\": \"[int(parameters('priority'))]\",\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"name\": {\r\n \"value\": \"[parameters('name')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[parameters('priority')]\"\r\n },\r\n \"access\": {\r\n \"value\": \"[parameters('access')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f283ec4-25a9-46df-bbf2-806ed5a3e115\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rs defaultvalue backslash\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Extensions to Exclude\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \".FWD;.GSC;.GSE;.MYD;.MYI;.SMD;.VAC;.BAK;.CHK;.FRM;.LDF;.LOG;.MBX;.MDF;.NDF;.TRN;.UND;.UNF;.UNH;.UNI;.UNQ;.UNS;.VHD;.VMDX;.WCI;.EDB;.SDS\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Paths to Exclude\",\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Sysvol;C:\\\\ProgramData\\\\Microsoft\\\\SharePoint;C:\\\\Program Files\\\\Common Files\\\\Microsoft Shared\\\\Web Server Extensions;C:\\\\Program Files\\\\Operations Manager;C:\\\\Program Files\\\\Microsoft Monitoring Agent;C:\\\\Program Files\\\\Microsoft Office Servers;C:\\\\Program Files\\\\Microsoft System Center 2012 R2\\\\Server;C:\\\\Program Files\\\\System Center Operations Manager;C:\\\\Program Files\\\\System Center Operations Manager 2007;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\NTDS;C:\\\\Windows\\\\System32\\\\LogFiles;C:\\\\Windows\\\\Sysvol;C:\\\\Program Files\\\\Double-Take Software;C:\\\\Program Files\\\\DoubleTake;C:\\\\Program Files\\\\Exchsrvr;C:\\\\Program Files\\\\Ipswitch;C:\\\\Program Files\\\\LogMeIn;C:\\\\Windows\\\\SoftwareDistribution\\\\Datastore;C:\\\\Windows\\\\Temp\\\\Gthrsvc\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Processes to Exclude\",\r\n \"description\": \"Semicolon delimited list of processes to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"HealthService.exe;ManagementService.exe;Microsoft.Mom.Sdk.Service.exe;Microsoft.Mom.ConfigServiceHost.exe;MonitoringHost.exe;pagefile.sys\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable real time protection\",\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Scheduled scans\",\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n },\r\n \"defaultValue\": \"false\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Scheduled Scan Type\",\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n },\r\n \"defaultValue\": \"Quick\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Day of Scheduled Scan\",\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n },\r\n \"defaultValue\": \"7\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Time of Scheduled Scan\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"120\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"value\": \"[parameters('ExclusionsExtensions')]\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"value\": \"[parameters('ExclusionsPaths')]\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"value\": \"[parameters('ExclusionsProcesses')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"[parameters('RealtimeProtectionEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsIsEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsDay')]\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsTime')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50877efd-8dd9-43d5-b4e6-3b70e64311b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50877efd-8dd9-43d5-b4e6-3b70e64311b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy key vault KV_B if key vault KV_A does not exist.\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy will deploy a key vault named KV_B if a key vault named KV_A does not exist.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"KV_B\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-10-01\",\r\n \"name\": \"KV_A\",\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"location\": \"eastus2\",\r\n \"properties\": {\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"sku\": {\r\n \"family\": \"A\",\r\n \"name\": \"standard\"\r\n },\r\n \"accessPolicies\": []\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50e2972e-143c-4edf-9ef6-bee0f84212d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaTestRbac\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Authorization/roleAssignments/principalId\",\r\n \"equals\": \"Admin\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/560482cd-dac5-41e6-9cef-b0aecd6020de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"560482cd-dac5-41e6-9cef-b0aecd6020de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhAuditLocation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit if not west us\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5948d091-78b7-4d3b-a404-cc6a0329b0c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5948d091-78b7-4d3b-a404-cc6a0329b0c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"deployifnotexist template alias tests - redis\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/Redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/sku.family\",\r\n \"equals\": \"C\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"Whatever*\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"type\": \"string\"\r\n },\r\n \"nameField\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuFamilyOut\": {\r\n \"value\": \"[parameters('skuFamily')]\",\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPortOut\": {\r\n \"value\": \"[parameters('enableNonSslPort')]\",\r\n \"type\": \"string\"\r\n },\r\n \"nameFieldOut\": {\r\n \"value\": \"[parameters('nameField')]\",\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/sku.family')]\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/enableNonSslPort')]\"\r\n },\r\n \"nameField\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"exists\": \" false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca376\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca376\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86318519\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86318519\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallrules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"AllowAllWindowsAzureIps\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca600\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca600\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"exists\": \"true\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"notIn\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca8d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca8d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Test storage alias\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Test storage alias\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"type\": \"string\"\r\n },\r\n \"encrypt\": {\r\n \"type\": \"string\"\r\n },\r\n \"accessTier\": {\r\n \"type\": \"string\"\r\n },\r\n \"skuName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuNameOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('skuName')]\"\r\n },\r\n \"accessTierOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('accessTier')]\"\r\n },\r\n \"httpsOnlyOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('httpsOnly')]\"\r\n },\r\n \"encryptOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('encrypt')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly')]\"\r\n },\r\n \"encrypt\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/enableBlobEncryption')]\"\r\n },\r\n \"accessTier\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/accessTier')]\"\r\n },\r\n \"skuName\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/sku.name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5fa69139-9a49-464e-90b5-0d243a469138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5fa69139-9a49-464e-90b5-0d243a469138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit costcenter tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"value\": \"[resourceGroup().tags.CostCenter]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6ced0d17-98f3-41e2-8038-08c8f4fb90e3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6ced0d17-98f3-41e2-8038-08c8f4fb90e3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim Apply allowed tag and its default value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"3\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n },\r\n \"allowedValues\": [\r\n \"TagA\",\r\n \"TagB\"\r\n ]\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6d1735de-f3e3-4c40-a8b2-7b3a1042a895\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6d1735de-f3e3-4c40-a8b2-7b3a1042a895\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": null\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"3\"\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"Metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The metric operator.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"The timeAggregation.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"The window size.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"The evaluation frequency.\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The action group id.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('alertNamePrefix'), '*')]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(toLower(parameters('alertNamePrefix')), uniqueString(resourceGroup().id))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6f2c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6f2c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testImageId\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"css\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"contains\": \"resourceGroups/testSandipsh\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/70dc1e8d-61c9-4089-8bf5-895b227c1298\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"70dc1e8d-61c9-4089-8bf5-895b227c1298\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"policyTrackedResources-sdk-tests\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"notIn\": [\r\n \"policyTrackedResources-sdk-tests-rule1\",\r\n \"policyTrackedResources-sdk-tests-rule2\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule1')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule2')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2001,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny if blob is not encrypted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/74d5cf40-7293-46a4-a285-7ea971e3719a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"74d5cf40-7293-46a4-a285-7ea971e3719a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Location restriction\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Policy to force allocations to a set of given locations\",\r\n \"metadata\": {\r\n \"category\": \"cstack\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/763dcd1d-a4a9-46a8-8bd3-357c4533a335\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"763dcd1d-a4a9-46a8-8bd3-357c4533a335\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"chegg deploy VMSS extension\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"GenevaMonitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Geneva\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-01\",\r\n \"name\": \"[concat(parameters('vmssName'), '/', 'genevaExtension2')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Geneva\",\r\n \"type\": \"GenevaMonitoring\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {}\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/767d74dd-8fe3-4ef2-a38a-52164f9230da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"767d74dd-8fe3-4ef2-a38a-52164f9230da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83577342 deny proxy resource location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/83577342/home\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"eastus\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingjobs/transformations\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/77429b44-aac1-4417-a53e-6900c07e11ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"77429b44-aac1-4417-a53e-6900c07e11ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Block TLS < 1.2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/slots/config\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\r\n \"notEquals\": \"1.2\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/78c5df31-2f05-4f4d-acfe-3e536d88c1bc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"78c5df31-2f05-4f4d-acfe-3e536d88c1bc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny ActiveDirectory administrators\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/administrators/administratorType\",\r\n \"equals\": \"ActiveDirectory\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash weird chars\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR!@#$%^&*()_+=-{}[];:',.<>?~`/;C:\\\\hello\\\\there\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7f4d769f-78db-46eb-ac3c-0b8214f8c245\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f4d769f-78db-46eb-ac3c-0b8214f8c245\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock v2\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/83daa8ee-7c9a-470c-81a8-5a99ac09d134\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83daa8ee-7c9a-470c-81a8-5a99ac09d134\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"northwell.io\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/86cd412c-c557-473b-984c-a5f15cdcb116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86cd412c-c557-473b-984c-a5f15cdcb116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Parameterized effect (if location != eastus)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The policy effect.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"eastus\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"885f1dcb-a9c5-4c8c-8996-2702db44a2d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.xyz\",\r\n \"exists\": false\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8959fd87-c1dd-4831-9034-a4f876bee1cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8959fd87-c1dd-4831-9034-a4f876bee1cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Kubernetes ingress policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Only specified ingress is allowed based on names\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere applicability test 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/whatever\"\r\n },\r\n {\r\n \"field\": \"tags.applicability\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8e6b598c-1a45-404b-97dd-983e37c040da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8e6b598c-1a45-404b-97dd-983e37c040da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_ipRangeFilter\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9012b1cd-b045-46c6-a510-6137e06a009c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash (array)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": [\r\n \"C:\\\\rs-pkgs\",\r\n \"C:\\\\System Volume Information\\\\DFSR\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/985adbc0-6d2e-448a-ac26-89d3688191d5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"985adbc0-6d2e-448a-ac26-89d3688191d5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github209\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/virtualNetworkRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9a060c03-fda7-4b0a-b4da-15e2b7e4d117\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9a060c03-fda7-4b0a-b4da-15e2b7e4d117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - Subscription Lvl test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Subscriptionlevel auditIfNotExist policy\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a1b067c8-2970-4c0b-b0da-31ae7f33d1de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1b067c8-2970-4c0b-b0da-31ae7f33d1de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Noop\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Don't do anything\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a309ad64-0bae-48d9-a6b1-d99c0b4218b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a309ad64-0bae-48d9-a6b1-d99c0b4218b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyof\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a337c781-c7d8-4e12-ae69-1951c7e74378\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a337c781-c7d8-4e12-ae69-1951c7e74378\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127 - better\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\",\r\n \"Deny\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"81196380\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure https traffic only for storage account\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure https traffic only for storage account\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscription name tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"add subscription name tag\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionname\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionname\",\r\n \"value\": \"[subscription().displayName]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d82a2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d82a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Add subscription \\\"id\\\" tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.id\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.id\",\r\n \"value\": \"[subscription().id]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8339\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8339\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscriptionId tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionId\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionId\",\r\n \"value\": \"[subscription().subscriptionId]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8635\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8635\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaNSGtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/aeb6a524-e3d1-4b8a-afa8-26ae4e291116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aeb6a524-e3d1-4b8a-afa8-26ae4e291116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed Location Indexed\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"hackathon policy\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Allowed-Locations-Indexed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Allowed-Locations-Indexed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if antiMalware extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy audits if the anti malware extension .\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/antiMalwareExtensionExists\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"antiMalwareExtensionExists\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Web socket must be disabled on App Services\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures web sockets are disabled on App Services.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/AppServiceWebSockets\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"AppServiceWebSockets\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure Security Center must be enabled\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures Azure Security Center is enabled.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ASCEnabled\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ASCEnabled\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and it's value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and its value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits if a required extension doesn't exist.\",\r\n \"parameters\": {\r\n \"publisher\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The publisher of the extension\",\r\n \"displayName\": \"Extension Publisher\"\r\n }\r\n },\r\n \"type\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The type of the extension\",\r\n \"displayName\": \"Extension Type\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"[parameters('publisher')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"[parameters('type')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/audit-vm-extension\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"audit-vm-extension\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CanCrudPolicyAssignment Policy Definition $[Auto Test]\",\r\n \"policyType\": \"Custom\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"ResourceProviderTestHost/TestResourceType/TestResourceTypeNestedOne/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/azsmnet6487\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"azsmnet6487\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"89322663 audit diag setting\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"description\": \"The list of resources types to audit for missing diagnostic log settings.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"details\": {\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"equals\": \"true\",\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\"\r\n }\r\n ]\r\n },\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\"\r\n },\r\n \"effect\": \"AuditIfNotExists\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b350b9b0-8ba5-4867-bc9c-63b4544671b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b350b9b0-8ba5-4867-bc9c-63b4544671b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"makharchtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"policy\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b36f6195-0fc5-4a41-bbce-875248400f5f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b36f6195-0fc5-4a41-bbce-875248400f5f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash really long string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b9203c56-0565-434a-a315-87f4da9f21b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b9203c56-0565-434a-a315-87f4da9f21b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"NSG Rules exists test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].protocol\",\r\n \"notLike\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/bb6a78ae-8737-41e0-9c41-cc777c8c00a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bb6a78ae-8737-41e0-9c41-cc777c8c00a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c0f586f1-abe5-4801-8588-7332e49e60c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c0f586f1-abe5-4801-8588-7332e49e60c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"234\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logprofiles\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/logprofiles\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Doublecheck the lifecycle tag policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy refers to tags['Lifecycle'], which with the current implementation of the escaped tags syntax will refer to a tag named 'Lifecycle' (quotes and all). This is a customer policy that would be broken when I switch the meaning of tags['Lifecycle'] to refer simply to a tag named Lifecycle (no quotes)\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['Lifecycle']\",\r\n \"notIn\": [\r\n \"dev\",\r\n \"tst\",\r\n \"stg\",\r\n \"prd\",\r\n \"trn\",\r\n \"prf\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c6be98a9-8108-40aa-b726-d2ae8e2891b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c6be98a9-8108-40aa-b726-d2ae8e2891b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe resource group auditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c7b9982d-2f50-4730-935f-5c241982a441\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c7b9982d-2f50-4730-935f-5c241982a441\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed resource types\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": \"The list of allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('allowedTypes')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c872f951-1c5d-4c61-89dd-aee2350a11ba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8b79b49-a579-4045-984e-1b249ab8b474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8cedfaa-4aa0-465a-8b90-49caf8177158\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8cedfaa-4aa0-465a-8b90-49caf8177158\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere css block NSG changes\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/95894791/home\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"nsgName\",\r\n \"description\": \"The name of the NSG.\"\r\n },\r\n \"defaultValue\": \"nsgName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('nsgName')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"fullName\",\r\n \"like\": \"[concat(parameters('nsgName'), '/*')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ca01432d-4278-45a6-8137-69f2155d2248\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ca01432d-4278-45a6-8137-69f2155d2248\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin empty string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure resource names meet the like condition for a pattern.\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"namePattern\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"namePattern\",\r\n \"description\": \"Pattern to use for names. Can include wildcard (*).\"\r\n },\r\n \"allowedValues\": [\r\n \"\",\r\n \"one\",\r\n \"two\"\r\n ],\r\n \"defaultValue\": \"\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('namePattern')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"camarvin-test-empty-assign\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere append 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.test\",\r\n \"value\": \"1\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny on 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.test\",\r\n \"equals\": \"1\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Resource name contains resource group name\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Require resources to contain the resource group's name\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"notContains\": \"[resourceGroup().name]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/contain-resource-group-name\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"contain-resource-group-name\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v3\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"third attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5002\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-deployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5632\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5632\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce KeyVault diagnostic log storage (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"elperetest\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('elpere', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d0d9349d-843c-443a-9f27-5ce84f08c37e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d0d9349d-843c-443a-9f27-5ce84f08c37e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Access KV as part of remidiation deployment test (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"hello\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"outputs\": {\r\n \"testSecretOutput\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('testSecret')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"reference\": {\r\n \"keyVault\": {\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/elpere/providers/Microsoft.KeyVault/vaults/elpereKv\"\r\n },\r\n \"secretName\": \"test\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d35ce9be-f51b-4d3e-bc7f-dde2936381b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d35ce9be-f51b-4d3e-bc7f-dde2936381b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs (NSG level)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Overwrites security rules with IP restrictions at the NSG level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges may overlap.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"getNsgDeploymentName\": \"[concat('getNSGContent-', parameters('nsgName'))]\",\r\n \"collectorDeploymentName\": \"[concat('collectRules-', parameters('nsgName'))]\",\r\n \"overwriteNsgDeploymentName\": \"[concat('overwriteNsg-', parameters('nsgName'))]\",\r\n \"nsgResourceId\": \"[resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"nsgProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('nsgResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectorDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_collectRules_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"nsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"portRangesToRestrict\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_overwriteNSG_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"originalNsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"updatedSecurityRules\": {\r\n \"value\": \"[reference(variables('collectorDeploymentName')).outputs.updatedSecurityRules.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d7b13c30-e6aa-47e1-b50a-8e33f152d086\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Audited skus\",\r\n \"description\": \"The list of skus.\",\r\n \"strongType\": \"storageSkus\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e90ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e90ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List Of Allowed SKUs\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"vmSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e9170\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e9170\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[elpere] deployIfNotExists Runners test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"deployIfNotExistsTestsRule\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/deployIfNotExistsTestsRule')]\",\r\n \"properties\": {\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbfa9fc0-5202-4001-8759-1aa2387f825b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"allowedOS\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"test_sandipsh\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedWindows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Windows VMs\",\r\n \"description\": \"The list of allowed VMs for Windows.\"\r\n }\r\n },\r\n \"listOfAllowedUbuntus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Ubuntu VMs\",\r\n \"description\": \"The list of allowed VMs for Ubuntu.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/disks\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"Canonical\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"UbuntuServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedUbuntus')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedWindows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services backup policies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"policies\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policies\",\r\n \"description\": \"The list of allowed Recovery Services backup policies.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n },\r\n \"policy\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policy\",\r\n \"description\": \"Allowed Recovery Services backup policy.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('policies')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('policy')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e3f9a624-b17d-4dc8-9649-65814d3241bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3f9a624-b17d-4dc8-9649-65814d3241bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"authSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their logs config\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"logs\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny changing sites authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"defaultValue: all parameters\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"defaultValue\"\r\n },\r\n \"parameters\": {\r\n \"locations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array)\",\r\n \"description\": \"The list of locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": [\r\n \"eastus\",\r\n \"westus\"\r\n ]\r\n },\r\n \"location\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string)\",\r\n \"description\": \"The location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"resourceGroups\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array)\",\r\n \"description\": \"The list of resource groups.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": [\r\n \"camarvin\"\r\n ]\r\n },\r\n \"resourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string)\",\r\n \"description\": \"The resource group.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": \"camarvin\"\r\n },\r\n \"tags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array)\",\r\n \"description\": \"The list of tags.\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"tag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string)\",\r\n \"description\": \"The tag.\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array, av)\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": [\r\n \"eastus\"\r\n ]\r\n },\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string, av)\",\r\n \"description\": \"The allowed location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"allowedStorageSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array, av)\",\r\n \"description\": \"The list of allowed storage SKUs for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ]\r\n },\r\n \"allowedStorageSKU\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string, av)\",\r\n \"description\": \"The allowed storage SKU for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": \"Standard_LRS\"\r\n },\r\n \"allowedTags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array, av)\",\r\n \"description\": \"The list of allowed tags.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ]\r\n },\r\n \"allowedTag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string, av)\",\r\n \"description\": \"The allowed tag.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": \"FirstName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('locations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('resourceGroups')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('resourceGroup')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('tags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('tag')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedStorageSkus')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"Equals\": \"[parameters('allowedStorageSku')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedTags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"NotEquals\": \"[parameters('allowedTag')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ea1688b3-022e-4add-af39-2fe60689a3b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny \\\"Allow All\\\" NSG rules\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies the creation of sourceAddressPrefix=\\\"*\\\", destinationPortRange=\\\"*\\\" NSG security rules\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"PortLockdown_AllowAll\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"notEquals\": \"4000\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github264\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/siteAuthSettings.enabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ef00ee9d-fe45-4d14-8bee-789eea392116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef00ee9d-fe45-4d14-8bee-789eea392116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy enables you to audit your location.\",\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/LocationAuditDefinition\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"LocationAuditDefinition\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"northeurope\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/policy2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"policy2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps6386\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps6386\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps8886\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps8886\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9652\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9652\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test policy\",\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testSandipsh.draft\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testSandipsh.draft\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testtest\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"testtest\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testtest\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testtest\"\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in IoT Hubs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Internet of Things\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Devices/IotHubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healty\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cheggert: Append VMSS extension\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/virtualMachineProfile\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*].type\",\r\n \"notEquals\": \"GenevaMonitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*]\",\r\n \"value\": {\r\n \"name\": \"Microsoft.Azure.Geneva.GenevaMonitoring\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Geneva\",\r\n \"type\": \"GenevaMonitoring\",\r\n \"typeHandlerVersion\": \"1.8\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/01b105ed-6ded-4a1d-894c-df85fd9351cb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"01b105ed-6ded-4a1d-894c-df85fd9351cb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage_httpsTrafficOnly\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"023217dd-81bb-461f-93ea-8799caac50c7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"This shouldn't work\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This customer's policy is attempting to append multiple tags at once. I expect it will just append one tag with a really long name\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"value\": [\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04183864-11ae-4e7a-aadb-c600e40ed1b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04183864-11ae-4e7a-aadb-c600e40ed1b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Inherit named tag from resource group\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Applies the tag value from the resource group if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[resourcegroup().tags[parameters('tagName')]]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04904947-4d10-4454-9a50-f423d590e11b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04904947-4d10-4454-9a50-f423d590e11b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : AuditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddd96d8-fccd-40cb-81d2-5072a4ed061c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddd96d8-fccd-40cb-81d2-5072a4ed061c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robga-nsgtemplate-test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddfee46-9b63-4313-a529-cfbf968d8118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddfee46-9b63-4313-a529-cfbf968d8118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akif incident - 85944710\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 85944710\\nhttps://icm.ad.msft.net/imp/v3/incidents/details/85944710/home\\n\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af12870bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af12870bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"second attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af1287abe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af1287abe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"chegg: Deploy azsecpack autoupgrade (VMSS)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*].name\",\r\n \"notEquals\": \"Microsoft.Azure.Geneva.GenevaMonitoring\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"Microsoft.Azure.Geneva.GenevaMonitoring\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"GenevaMonitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Geneva\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/enableAutomaticUpgrade\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-10-01\",\r\n \"name\": \"[concat(parameters('vmssName'), '/Microsoft.Azure.Geneva.GenevaMonitoring')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"enableAutomaticUpgrade\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ec05dac-e529-48ef-8c20-f7e6af99a12b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ec05dac-e529-48ef-8c20-f7e6af99a12b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/123c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"123c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim nsg repro\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"fix\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/14ac45e9-df97-455d-b6ee-dd216f15f694\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"14ac45e9-df97-455d-b6ee-dd216f15f694\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim-incident-86226837-fix\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"1 - reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"15358dd8-671e-4c96-be33-2b668791418f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Attempt service bus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logProfiles\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/serviceBusRuleId\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/163c640e-681c-445f-92ba-cd434bd8c11c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"163c640e-681c-445f-92ba-cd434bd8c11c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.zyx\",\r\n \"exists\": \"false\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/17d43473-870f-4bc8-93c6-3961fa1d91cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17d43473-870f-4bc8-93c6-3961fa1d91cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"peterhaugeaudit\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Testing resource group in IfNotExists (not the intent of the original policy, but looks like there's some weirdness here)\\n\\nChanged: Microsoft.Resources/subscriptions/resourceGroups to Microsoft.Resources/resourceGroups\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"name\": \"EnforceServicePrincipalAccessToDevTestLabsResourceGroups\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/19153189-4506-4910-b7bc-756e0188a6f2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"19153189-4506-4910-b7bc-756e0188a6f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit all tags\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"tags\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags\",\r\n \"value\": \"[resourceGroup().tags]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1e3c9312-c011-40a3-ac40-3bf3ddc24120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e3c9312-c011-40a3-ac40-3bf3ddc24120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource group locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Allowed resource group locations\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f20036f-28c3-48f3-9266-05d50fe391f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f20036f-28c3-48f3-9266-05d50fe391f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"docdb_aliases_test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f5360b7-fe59-43f7-8af5-825df420d09c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f5360b7-fe59-43f7-8af5-825df420d09c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ovewrites security rules with IP restrictions at the securityRule level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Limit to one protocol. The most inclusive should come last. I.e. 22;22-22;22-23\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"priority\": {\r\n \"type\": \"int\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[parameters('fullRuleName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-02-01\",\r\n \"properties\": {\r\n \"protocol\": \"*\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[last(parameters('destinationPortRanges'))]\",\r\n \"access\": \"Allow\",\r\n \"direction\": \"Inbound\",\r\n \"priority\": \"[parameters('priority')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[field('Microsoft.Network/networksecurityGroups/securityRules/priority')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"20c4afd0-8a77-4433-b8b0-4ad06e4c7111\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy NSGs on Subnets\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforce that all subnets have a Network Security Group. If a subnet does not have one an NSG with the default Internet Exposed Endpoint restrictions will be created and associated with it.\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string to apply to all automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges must not overlap.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"notEquals\": \"null\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgPrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"nsgName\": \"[concat(parameters('nsgPrefix'), '-', parameters('location'))]\",\r\n \"vnetName\": \"[split(parameters('fullResourceName'), '/')[0]]\",\r\n \"vnetResourceId\": \"[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]\",\r\n \"getVnetDeploymentName\": \"[concat('getVnet-', variables('vnetName'))]\",\r\n \"collectSubnetsDeploymentName\": \"[concat('collectSubnets-', variables('vnetName'))]\",\r\n \"overwriteVnetDeploymentName\": \"[concat('overwriteVnet-', variables('vnetName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vnetProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('vnetResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[variables('nsgName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"securityRules\": [\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Restrict\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from specific IP ranges (either corpnet or SAW)\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3997,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_AllowVnet\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from within the VNET\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"VirtualNetwork\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3998,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Deny\",\r\n \"properties\": {\r\n \"description\": \"Deny any controlled port connections that aren't explicitly allowed in higher priority rules\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 3999,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_AllowAll\",\r\n \"properties\": {\r\n \"description\": \"Allow all inbound traffic that isn't explicitly blocked by Port Lockdown restrictions\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 4000,\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectSubnetsDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_collectSubnets_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"nsgResourceId\": {\r\n \"value\": \"[resourceid('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"dependsOn\": [\r\n \"[variables('nsgName')]\"\r\n ],\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_overwriteVnet_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"updatedSubnets\": {\r\n \"value\": \"[reference(variables('collectSubnetsDeploymentName')).outputs.updatedSubnets.value]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"nsgPrefix\": {\r\n \"value\": \"[parameters('nsgPrefix')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"210ed8bd-6b07-4d5e-a62c-c34f07293288\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit all Microsoft.Web/sites/config/authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/211a466d-b2be-46e8-b029-8c28f566f118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"211a466d-b2be-46e8-b029-8c28f566f118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of a tag2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits that a required tag is present on resources\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"notcontainsKey\": \"[parameters('tagName')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24813039-7534-408a-9842-eb99f45721b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append single location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.locationTest\",\r\n \"value\": \"[parameters('allowedLocation')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin oms vm linux parameterized effect\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"263f13f4-6b88-4788-bead-34beedde70ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere strange alias in field function\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"Tags['asdasd']\",\r\n \"equals\": \"[concat('whatever', 'a')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/26556185-593c-4866-9c0c-114ac0bf6120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26556185-593c-4866-9c0c-114ac0bf6120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test guest assignment\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/28e54a72-2fd7-40d3-afe2-b05423e0147a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"28e54a72-2fd7-40d3-afe2-b05423e0147a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"2nd attempt on this policy. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"notIn\": \"[parameters('allowedLocations')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd60841400\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd60841400\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-combined\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"the combined policy attempt for both cosmos db cases. \",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"locationNames\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd6084180f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd6084180f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage ip rules append 2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.ipRules\",\r\n \"value\": [\r\n {\r\n \"value\": \"8.8.8.8\",\r\n \"action\": \"Allow\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/2b2317a7-ab02-47b5-8159-eb7e6227709f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2b2317a7-ab02-47b5-8159-eb7e6227709f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[demo] Enforce KeyVault diagnostic log storage\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"[tolower(concat('cheggkv', parameters('location')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('cheggremdemo', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/332ce4ac-9200-4573-8c66-92b85fc82c8d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"332ce4ac-9200-4573-8c66-92b85fc82c8d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_enableAutomaticFailover\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/enableAutomaticFailover\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_defaultConsistencyLevel\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/consistencyPolicy.defaultConsistencyLevel\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0b7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_readLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_writeLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_failoverPolicies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd160\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c0df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c0df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL and Managed Instance TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c144\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c144\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services vaults test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"vault\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vault\",\r\n \"description\": \"The Recovery Services Vault.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n },\r\n \"vaults\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vaults\",\r\n \"description\": \"The list of Recovery Services Vaults.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('vault')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('vaults')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b2c1b0f-63c5-4943-8578-6d37fbe411bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b2c1b0f-63c5-4943-8578-6d37fbe411bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b788cf8-ff6f-4075-86a1-ab76270790e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b788cf8-ff6f-4075-86a1-ab76270790e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3cc5820a-cbb8-4977-9c90-d90ced95f12c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3cc5820a-cbb8-4977-9c90-d90ced95f12c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Name should have prefix and suffix\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Name should have prefix and suffix\",\r\n \"parameters\": {\r\n \"prefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The prefix\",\r\n \"description\": \"The name prefix\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"suffix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The suffix\",\r\n \"description\": \"The name suffix.\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('prefix'), '*', parameters('suffix'))]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e275e2e-a157-4ade-8f91-43b3ea370007\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e275e2e-a157-4ade-8f91-43b3ea370007\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Restrict VM skus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Restricts allowed VM skus to a predefined regex\",\r\n \"parameters\": {\r\n \"allowedSkuTemplate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed VM sku template\",\r\n \"description\": \"The VM sku template. Supports wildcards via '*'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"like\": \"[parameters('allowedSkuTemplate')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e34c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e34c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKU\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits the use of storage account SKUs that don't meet organizational cost policy.\",\r\n \"parameters\": {\r\n \"listOfAllowedSkus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of allowed SKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSkus')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e3682\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e3682\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaDataFactoryTest1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"RobgaDataFactoryTest\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataFactory/factories\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/robgatestworkspace/providers/Microsoft.OperationalInsights/workspaces/robgatestworkspace\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce autoUpgrade on VM/VMSS extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies any VM or VMSS extensions that do not have autoUpgradeMinorVersion set to true.\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f772\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f772\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically enabled autoUpgradeMinorVersion on VM extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f783\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f783\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM scale set extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically appends autoUpgradeMinorVersion=true to VMSS extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f7a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f7a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService must use serverFarm\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService serverFarm must have capacity > 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/serverFarms\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/serverFarms/sku.capacity\",\r\n \"in\": [\r\n \"0\",\r\n \"1\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc23\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc23\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Do_Not_Delete\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy is used for unit tests. Please do not delete it.\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4a0425e4-97bf-4ad0-ab36-145b94083c60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny MySQL firewallRules starting with 0\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4b94c320-ce63-4fb6-ba9d-7dbe648b90de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4b94c320-ce63-4fb6-ba9d-7dbe648b90de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83686598\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"deny the creation of storage if supportsHttpsTrafficOnly is false\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"detect 'allow All' NSG rule\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c915617-16f0-4c62-b021-e66d5409d11d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c915617-16f0-4c62-b021-e66d5409d11d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332195\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332199\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332199\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny storage container creation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts/blobServices/containers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4d2f8837-7acb-4488-b580-95960ee3f116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d2f8837-7acb-4488-b580-95960ee3f116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure auto-created NSG rules exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ensures that security rules created in auto-created PortLockdown NSGs are not tampered with\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string applied to automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to in the expected security rule. I.e. 192.4.0.0/8;192.5.0.0/8 or *\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions in the expected security rule\"\r\n }\r\n },\r\n \"priority\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected priority\",\r\n \"description\": \"The priority of the expected security rule.\"\r\n }\r\n },\r\n \"access\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected access\",\r\n \"description\": \"The access (allow/deny) of the expected security rule.\"\r\n },\r\n \"allowedValues\": [\r\n \"Allow\",\r\n \"Deny\"\r\n ]\r\n },\r\n \"name\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected name\",\r\n \"description\": \"The name of the expected security rule.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('nsgPrefix'), '-', field('location'))]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"equals\": \"[parameters('priority')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"[parameters('access')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"name\": {\r\n \"type\": \"string\"\r\n },\r\n \"priority\": {\r\n \"type\": \"string\"\r\n },\r\n \"access\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"isSinglePrefix\": \"[equals(count(parameters('sourceAddressPrefixes')), 1)]\",\r\n \"isSinglePortRange\": \"[equals(count(parameters('destinationPortRanges')), 1)]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('nsgName'), '/', parameters('name'))]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"properties\": {\r\n \"description\": \"Rule auto-created by Internet Exposed Endpoints protection\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[if(variables('isSinglePortRange'), first(parameters('destinationPortRanges')), '')]\",\r\n \"destinationPortRanges\": \"[if(not(variables('isSinglePortRange')), parameters('destinationPortRanges'), json('[]'))]\",\r\n \"sourceAddressPrefix\": \"[if(variables('isSinglePrefix'), first(parameters('sourceAddressPrefixes')), '')]\",\r\n \"sourceAddressPrefixes\": \"[if(not(variables('isSinglePrefix')), parameters('sourceAddressPrefixes'), json('[]'))]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"[parameters('access')]\",\r\n \"priority\": \"[int(parameters('priority'))]\",\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"name\": {\r\n \"value\": \"[parameters('name')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[parameters('priority')]\"\r\n },\r\n \"access\": {\r\n \"value\": \"[parameters('access')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f283ec4-25a9-46df-bbf2-806ed5a3e115\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rs defaultvalue backslash\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Extensions to Exclude\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \".FWD;.GSC;.GSE;.MYD;.MYI;.SMD;.VAC;.BAK;.CHK;.FRM;.LDF;.LOG;.MBX;.MDF;.NDF;.TRN;.UND;.UNF;.UNH;.UNI;.UNQ;.UNS;.VHD;.VMDX;.WCI;.EDB;.SDS\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Paths to Exclude\",\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Sysvol;C:\\\\ProgramData\\\\Microsoft\\\\SharePoint;C:\\\\Program Files\\\\Common Files\\\\Microsoft Shared\\\\Web Server Extensions;C:\\\\Program Files\\\\Operations Manager;C:\\\\Program Files\\\\Microsoft Monitoring Agent;C:\\\\Program Files\\\\Microsoft Office Servers;C:\\\\Program Files\\\\Microsoft System Center 2012 R2\\\\Server;C:\\\\Program Files\\\\System Center Operations Manager;C:\\\\Program Files\\\\System Center Operations Manager 2007;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\NTDS;C:\\\\Windows\\\\System32\\\\LogFiles;C:\\\\Windows\\\\Sysvol;C:\\\\Program Files\\\\Double-Take Software;C:\\\\Program Files\\\\DoubleTake;C:\\\\Program Files\\\\Exchsrvr;C:\\\\Program Files\\\\Ipswitch;C:\\\\Program Files\\\\LogMeIn;C:\\\\Windows\\\\SoftwareDistribution\\\\Datastore;C:\\\\Windows\\\\Temp\\\\Gthrsvc\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Processes to Exclude\",\r\n \"description\": \"Semicolon delimited list of processes to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"HealthService.exe;ManagementService.exe;Microsoft.Mom.Sdk.Service.exe;Microsoft.Mom.ConfigServiceHost.exe;MonitoringHost.exe;pagefile.sys\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable real time protection\",\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Scheduled scans\",\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n },\r\n \"defaultValue\": \"false\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Scheduled Scan Type\",\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n },\r\n \"defaultValue\": \"Quick\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Day of Scheduled Scan\",\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n },\r\n \"defaultValue\": \"7\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Time of Scheduled Scan\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"120\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"value\": \"[parameters('ExclusionsExtensions')]\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"value\": \"[parameters('ExclusionsPaths')]\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"value\": \"[parameters('ExclusionsProcesses')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"[parameters('RealtimeProtectionEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsIsEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsDay')]\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsTime')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50877efd-8dd9-43d5-b4e6-3b70e64311b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50877efd-8dd9-43d5-b4e6-3b70e64311b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy key vault KV_B if key vault KV_A does not exist.\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy will deploy a key vault named KV_B if a key vault named KV_A does not exist.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"KV_B\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-10-01\",\r\n \"name\": \"KV_A\",\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"location\": \"eastus2\",\r\n \"properties\": {\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"sku\": {\r\n \"family\": \"A\",\r\n \"name\": \"standard\"\r\n },\r\n \"accessPolicies\": []\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50e2972e-143c-4edf-9ef6-bee0f84212d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaTestRbac\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Authorization/roleAssignments/principalId\",\r\n \"equals\": \"Admin\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/560482cd-dac5-41e6-9cef-b0aecd6020de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"560482cd-dac5-41e6-9cef-b0aecd6020de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : definition param with assignPermissions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/57ef268f-b414-436a-9894-125a81d80b30\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"57ef268f-b414-436a-9894-125a81d80b30\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhAuditLocation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit if not west us\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5948d091-78b7-4d3b-a404-cc6a0329b0c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5948d091-78b7-4d3b-a404-cc6a0329b0c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"deployifnotexist template alias tests - redis\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/Redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/sku.family\",\r\n \"equals\": \"C\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"Whatever*\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"type\": \"string\"\r\n },\r\n \"nameField\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuFamilyOut\": {\r\n \"value\": \"[parameters('skuFamily')]\",\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPortOut\": {\r\n \"value\": \"[parameters('enableNonSslPort')]\",\r\n \"type\": \"string\"\r\n },\r\n \"nameFieldOut\": {\r\n \"value\": \"[parameters('nameField')]\",\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/sku.family')]\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/enableNonSslPort')]\"\r\n },\r\n \"nameField\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"exists\": \" false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca376\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca376\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86318519\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86318519\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallrules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"AllowAllWindowsAzureIps\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca600\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca600\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"exists\": \"true\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"notIn\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca8d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca8d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Test storage alias\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Test storage alias\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"type\": \"string\"\r\n },\r\n \"encrypt\": {\r\n \"type\": \"string\"\r\n },\r\n \"accessTier\": {\r\n \"type\": \"string\"\r\n },\r\n \"skuName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuNameOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('skuName')]\"\r\n },\r\n \"accessTierOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('accessTier')]\"\r\n },\r\n \"httpsOnlyOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('httpsOnly')]\"\r\n },\r\n \"encryptOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('encrypt')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly')]\"\r\n },\r\n \"encrypt\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/enableBlobEncryption')]\"\r\n },\r\n \"accessTier\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/accessTier')]\"\r\n },\r\n \"skuName\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/sku.name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5fa69139-9a49-464e-90b5-0d243a469138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5fa69139-9a49-464e-90b5-0d243a469138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit costcenter tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"value\": \"[resourceGroup().tags.CostCenter]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6ced0d17-98f3-41e2-8038-08c8f4fb90e3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6ced0d17-98f3-41e2-8038-08c8f4fb90e3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim Apply allowed tag and its default value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"3\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n },\r\n \"allowedValues\": [\r\n \"TagA\",\r\n \"TagB\"\r\n ]\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6d1735de-f3e3-4c40-a8b2-7b3a1042a895\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6d1735de-f3e3-4c40-a8b2-7b3a1042a895\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": null\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"3\"\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"Metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The metric operator.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"The timeAggregation.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"The window size.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"The evaluation frequency.\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The action group id.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('alertNamePrefix'), '*')]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(toLower(parameters('alertNamePrefix')), uniqueString(resourceGroup().id))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6f2c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6f2c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testImageId\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"css\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"contains\": \"resourceGroups/testSandipsh\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/70dc1e8d-61c9-4089-8bf5-895b227c1298\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"70dc1e8d-61c9-4089-8bf5-895b227c1298\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"policyTrackedResources-sdk-tests\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"notIn\": [\r\n \"policyTrackedResources-sdk-tests-rule1\",\r\n \"policyTrackedResources-sdk-tests-rule2\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule1')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule2')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2001,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny if blob is not encrypted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/74d5cf40-7293-46a4-a285-7ea971e3719a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"74d5cf40-7293-46a4-a285-7ea971e3719a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Location restriction\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Policy to force allocations to a set of given locations\",\r\n \"metadata\": {\r\n \"category\": \"cstack\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/763dcd1d-a4a9-46a8-8bd3-357c4533a335\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"763dcd1d-a4a9-46a8-8bd3-357c4533a335\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83577342 deny proxy resource location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/83577342/home\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"eastus\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingjobs/transformations\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/77429b44-aac1-4417-a53e-6900c07e11ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"77429b44-aac1-4417-a53e-6900c07e11ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Block TLS < 1.2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/slots/config\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\r\n \"notEquals\": \"1.2\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/78c5df31-2f05-4f4d-acfe-3e536d88c1bc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"78c5df31-2f05-4f4d-acfe-3e536d88c1bc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny ActiveDirectory administrators\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/administrators/administratorType\",\r\n \"equals\": \"ActiveDirectory\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash weird chars\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR!@#$%^&*()_+=-{}[];:',.<>?~`/;C:\\\\hello\\\\there\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7f4d769f-78db-46eb-ac3c-0b8214f8c245\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f4d769f-78db-46eb-ac3c-0b8214f8c245\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock v2\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/83daa8ee-7c9a-470c-81a8-5a99ac09d134\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83daa8ee-7c9a-470c-81a8-5a99ac09d134\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"northwell.io\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/86cd412c-c557-473b-984c-a5f15cdcb116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86cd412c-c557-473b-984c-a5f15cdcb116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Parameterized effect (if location != eastus)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The policy effect.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"eastus\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"885f1dcb-a9c5-4c8c-8996-2702db44a2d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.xyz\",\r\n \"exists\": false\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8959fd87-c1dd-4831-9034-a4f876bee1cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8959fd87-c1dd-4831-9034-a4f876bee1cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Kubernetes ingress policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Only specified ingress is allowed based on names\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere applicability test 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/whatever\"\r\n },\r\n {\r\n \"field\": \"tags.applicability\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8e6b598c-1a45-404b-97dd-983e37c040da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8e6b598c-1a45-404b-97dd-983e37c040da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_ipRangeFilter\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9012b1cd-b045-46c6-a510-6137e06a009c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elperetest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"value\": \"[resourceGroup().tags['Hyphen-test']]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9389a21b-2134-414a-a579-e9f2709b2131\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9389a21b-2134-414a-a579-e9f2709b2131\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash (array)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": [\r\n \"C:\\\\rs-pkgs\",\r\n \"C:\\\\System Volume Information\\\\DFSR\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/985adbc0-6d2e-448a-ac26-89d3688191d5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"985adbc0-6d2e-448a-ac26-89d3688191d5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github209\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/virtualNetworkRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9a060c03-fda7-4b0a-b4da-15e2b7e4d117\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9a060c03-fda7-4b0a-b4da-15e2b7e4d117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - Subscription Lvl test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Subscriptionlevel auditIfNotExist policy\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a1b067c8-2970-4c0b-b0da-31ae7f33d1de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1b067c8-2970-4c0b-b0da-31ae7f33d1de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Noop\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Don't do anything\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a309ad64-0bae-48d9-a6b1-d99c0b4218b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a309ad64-0bae-48d9-a6b1-d99c0b4218b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyof\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a337c781-c7d8-4e12-ae69-1951c7e74378\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a337c781-c7d8-4e12-ae69-1951c7e74378\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127 - better\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\",\r\n \"Deny\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"81196380\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure https traffic only for storage account\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure https traffic only for storage account\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscription name tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"add subscription name tag\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionname\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionname\",\r\n \"value\": \"[subscription().displayName]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d82a2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d82a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Add subscription \\\"id\\\" tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.id\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.id\",\r\n \"value\": \"[subscription().id]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8339\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8339\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscriptionId tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionId\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionId\",\r\n \"value\": \"[subscription().subscriptionId]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8635\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8635\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaNSGtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/aeb6a524-e3d1-4b8a-afa8-26ae4e291116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aeb6a524-e3d1-4b8a-afa8-26ae4e291116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed Location Indexed\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"hackathon policy\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Allowed-Locations-Indexed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Allowed-Locations-Indexed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if antiMalware extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy audits if the anti malware extension .\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/antiMalwareExtensionExists\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"antiMalwareExtensionExists\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Web socket must be disabled on App Services\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures web sockets are disabled on App Services.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/AppServiceWebSockets\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"AppServiceWebSockets\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure Security Center must be enabled\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures Azure Security Center is enabled.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ASCEnabled\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ASCEnabled\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and it's value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and its value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits if a required extension doesn't exist.\",\r\n \"parameters\": {\r\n \"publisher\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The publisher of the extension\",\r\n \"displayName\": \"Extension Publisher\"\r\n }\r\n },\r\n \"type\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The type of the extension\",\r\n \"displayName\": \"Extension Type\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"[parameters('publisher')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"[parameters('type')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/audit-vm-extension\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"audit-vm-extension\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CanCrudPolicyAssignment Policy Definition $[Auto Test]\",\r\n \"policyType\": \"Custom\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"ResourceProviderTestHost/TestResourceType/TestResourceTypeNestedOne/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/azsmnet6487\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"azsmnet6487\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"89322663 audit diag setting\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"description\": \"The list of resources types to audit for missing diagnostic log settings.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"details\": {\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"equals\": \"true\",\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\"\r\n }\r\n ]\r\n },\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\"\r\n },\r\n \"effect\": \"AuditIfNotExists\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b350b9b0-8ba5-4867-bc9c-63b4544671b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b350b9b0-8ba5-4867-bc9c-63b4544671b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"makharchtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"policy\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b36f6195-0fc5-4a41-bbce-875248400f5f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b36f6195-0fc5-4a41-bbce-875248400f5f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash really long string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b9203c56-0565-434a-a315-87f4da9f21b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b9203c56-0565-434a-a315-87f4da9f21b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"NSG Rules exists test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].protocol\",\r\n \"notLike\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/bb6a78ae-8737-41e0-9c41-cc777c8c00a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bb6a78ae-8737-41e0-9c41-cc777c8c00a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"Category\": \"Flintstones\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/BedrockPolicy\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"BedrockPolicy\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c0f586f1-abe5-4801-8588-7332e49e60c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c0f586f1-abe5-4801-8588-7332e49e60c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"234\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logprofiles\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/logprofiles\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Doublecheck the lifecycle tag policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy refers to tags['Lifecycle'], which with the current implementation of the escaped tags syntax will refer to a tag named 'Lifecycle' (quotes and all). This is a customer policy that would be broken when I switch the meaning of tags['Lifecycle'] to refer simply to a tag named Lifecycle (no quotes)\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['Lifecycle']\",\r\n \"notIn\": [\r\n \"dev\",\r\n \"tst\",\r\n \"stg\",\r\n \"prd\",\r\n \"trn\",\r\n \"prf\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c6be98a9-8108-40aa-b726-d2ae8e2891b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c6be98a9-8108-40aa-b726-d2ae8e2891b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe resource group auditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c7b9982d-2f50-4730-935f-5c241982a441\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c7b9982d-2f50-4730-935f-5c241982a441\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed resource types\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": \"The list of allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('allowedTypes')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c872f951-1c5d-4c61-89dd-aee2350a11ba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8b79b49-a579-4045-984e-1b249ab8b474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8cedfaa-4aa0-465a-8b90-49caf8177158\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8cedfaa-4aa0-465a-8b90-49caf8177158\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere css block NSG changes\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/95894791/home\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"nsgName\",\r\n \"description\": \"The name of the NSG.\"\r\n },\r\n \"defaultValue\": \"nsgName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('nsgName')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"fullName\",\r\n \"like\": \"[concat(parameters('nsgName'), '/*')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ca01432d-4278-45a6-8137-69f2155d2248\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ca01432d-4278-45a6-8137-69f2155d2248\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin empty string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure resource names meet the like condition for a pattern.\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"namePattern\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"namePattern\",\r\n \"description\": \"Pattern to use for names. Can include wildcard (*).\"\r\n },\r\n \"allowedValues\": [\r\n \"\",\r\n \"one\",\r\n \"two\"\r\n ],\r\n \"defaultValue\": \"\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('namePattern')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"camarvin-test-empty-assign\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere append 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.test\",\r\n \"value\": \"1\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny on 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.test\",\r\n \"equals\": \"1\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Resource name contains resource group name\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Require resources to contain the resource group's name\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"notContains\": \"[resourceGroup().name]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/contain-resource-group-name\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"contain-resource-group-name\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v3\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"third attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5002\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-deployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5632\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5632\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce KeyVault diagnostic log storage (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"elperetest\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('elpere', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d0d9349d-843c-443a-9f27-5ce84f08c37e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d0d9349d-843c-443a-9f27-5ce84f08c37e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere template paramters function tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"testing strange array behavior\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"contains\": \"lmao\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"String\"\r\n },\r\n \"dataDisks\": {\r\n \"type\": \"object\"\r\n },\r\n \"osDisk\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmVar\": \"[parameters('vmName')]\",\r\n \"dataDisksVar\": \"[parameters('dataDisks')]\"\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vmNameOut\": {\r\n \"value\": \"[variables('vmVar')]\",\r\n \"type\": \"String\"\r\n },\r\n \"dataDisksOut\": {\r\n \"value\": \"[concat(array(parameters('osDisk')), if(empty(parameters('dataDisks').rawValue), parameters('dataDisks').emptyArray, array(parameters('dataDisks').rawValue)))]\",\r\n \"type\": \"array\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"dataDisks\": {\r\n \"value\": {\r\n \"rawValue\": \"[field('Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.id')]\",\r\n \"emptyArray\": []\r\n }\r\n },\r\n \"osDisk\": {\r\n \"value\": \"[field('Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.id')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d2532053-bf59-4095-a1ae-2b7e4744f119\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d2532053-bf59-4095-a1ae-2b7e4744f119\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Access KV as part of remidiation deployment test (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"hello\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"outputs\": {\r\n \"testSecretOutput\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('testSecret')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"reference\": {\r\n \"keyVault\": {\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/elpere/providers/Microsoft.KeyVault/vaults/elpereKv\"\r\n },\r\n \"secretName\": \"test\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d35ce9be-f51b-4d3e-bc7f-dde2936381b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d35ce9be-f51b-4d3e-bc7f-dde2936381b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - inv\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"inv \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"functionId\": \"subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourcegroups/AKif2WebApp/providers/Microsoft.Logic/workflows/deneme\",\r\n \"payload\": {\r\n \"locations\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d54722e7-4665-47ce-9a82-2f96cebfe238\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d54722e7-4665-47ce-9a82-2f96cebfe238\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - incident - gardner\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"name\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"text\": {\r\n \"type\": \"string\",\r\n \"value\": \"Policy executed for resource [parameters('name')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"name\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d54722e7-4665-47ce-9a82-2f96cebfe353\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d54722e7-4665-47ce-9a82-2f96cebfe353\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs (NSG level)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Overwrites security rules with IP restrictions at the NSG level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges may overlap.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"getNsgDeploymentName\": \"[concat('getNSGContent-', parameters('nsgName'))]\",\r\n \"collectorDeploymentName\": \"[concat('collectRules-', parameters('nsgName'))]\",\r\n \"overwriteNsgDeploymentName\": \"[concat('overwriteNsg-', parameters('nsgName'))]\",\r\n \"nsgResourceId\": \"[resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"nsgProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('nsgResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectorDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_collectRules_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"nsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"portRangesToRestrict\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_overwriteNSG_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"originalNsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"updatedSecurityRules\": {\r\n \"value\": \"[reference(variables('collectorDeploymentName')).outputs.updatedSecurityRules.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d7b13c30-e6aa-47e1-b50a-8e33f152d086\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7126\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e712b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7130\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7135\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e713a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Audited skus\",\r\n \"description\": \"The list of skus.\",\r\n \"strongType\": \"storageSkus\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e90ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e90ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List Of Allowed SKUs\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"vmSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e9170\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e9170\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[elpere] deployIfNotExists Runners test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"deployIfNotExistsTestsRule\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/deployIfNotExistsTestsRule')]\",\r\n \"properties\": {\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbfa9fc0-5202-4001-8759-1aa2387f825b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"allowedOS\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"test_sandipsh\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedWindows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Windows VMs\",\r\n \"description\": \"The list of allowed VMs for Windows.\"\r\n }\r\n },\r\n \"listOfAllowedUbuntus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Ubuntu VMs\",\r\n \"description\": \"The list of allowed VMs for Ubuntu.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/disks\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"Canonical\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"UbuntuServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedUbuntus')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedWindows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services backup policies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"policies\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policies\",\r\n \"description\": \"The list of allowed Recovery Services backup policies.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n },\r\n \"policy\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policy\",\r\n \"description\": \"Allowed Recovery Services backup policy.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('policies')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('policy')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e3f9a624-b17d-4dc8-9649-65814d3241bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3f9a624-b17d-4dc8-9649-65814d3241bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"authSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their logs config\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"logs\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny changing sites authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"defaultValue: all parameters\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"defaultValue\"\r\n },\r\n \"parameters\": {\r\n \"locations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array)\",\r\n \"description\": \"The list of locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": [\r\n \"eastus\",\r\n \"westus\"\r\n ]\r\n },\r\n \"location\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string)\",\r\n \"description\": \"The location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"resourceGroups\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array)\",\r\n \"description\": \"The list of resource groups.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": [\r\n \"camarvin\"\r\n ]\r\n },\r\n \"resourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string)\",\r\n \"description\": \"The resource group.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": \"camarvin\"\r\n },\r\n \"tags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array)\",\r\n \"description\": \"The list of tags.\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"tag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string)\",\r\n \"description\": \"The tag.\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array, av)\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": [\r\n \"eastus\"\r\n ]\r\n },\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string, av)\",\r\n \"description\": \"The allowed location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"allowedStorageSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array, av)\",\r\n \"description\": \"The list of allowed storage SKUs for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ]\r\n },\r\n \"allowedStorageSKU\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string, av)\",\r\n \"description\": \"The allowed storage SKU for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": \"Standard_LRS\"\r\n },\r\n \"allowedTags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array, av)\",\r\n \"description\": \"The list of allowed tags.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ]\r\n },\r\n \"allowedTag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string, av)\",\r\n \"description\": \"The allowed tag.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": \"FirstName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('locations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('resourceGroups')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('resourceGroup')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('tags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('tag')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedStorageSkus')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"Equals\": \"[parameters('allowedStorageSku')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedTags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"NotEquals\": \"[parameters('allowedTag')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ea1688b3-022e-4add-af39-2fe60689a3b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny \\\"Allow All\\\" NSG rules\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies the creation of sourceAddressPrefix=\\\"*\\\", destinationPortRange=\\\"*\\\" NSG security rules\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"PortLockdown_AllowAll\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"notEquals\": \"4000\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github264\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/siteAuthSettings.enabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ef00ee9d-fe45-4d14-8bee-789eea392116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef00ee9d-fe45-4d14-8bee-789eea392116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhTestTagWithHyphen5\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"GokmenhTestTagWithHyphen5\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"value\": \"[resourceGroup().tags['Hyphen-test']]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/f2320be5-23be-4b58-8d8e-08c3044dd60f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f2320be5-23be-4b58-8d8e-08c3044dd60f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy enables you to audit your location.\",\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/LocationAuditDefinition\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"LocationAuditDefinition\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"northeurope\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/policy2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"policy2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps6386\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps6386\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9652\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9652\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9867\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9867\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test policy\",\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testSandipsh.draft\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testSandipsh.draft\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testtest\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"testtest\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testtest\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testtest\"\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { @@ -156,16 +156,16 @@ "Accept-Encoding" ], "x-ms-ratelimit-remaining-subscription-reads": [ - "11958" + "11999" ], "x-ms-request-id": [ - "westus2:ac7921a0-ecdf-4c14-bc2b-6903d7f5dec3" + "westus2:7c75e606-5534-4ef7-af54-7ec1c504ea29" ], "x-ms-correlation-request-id": [ - "1baf8494-4266-4c88-86aa-8ef067fac709" + "01c74a00-9f31-40d3-9b0b-ddaa66abf563" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T214056Z:1baf8494-4266-4c88-86aa-8ef067fac709" + "WESTUS2:20190116T193709Z:01c74a00-9f31-40d3-9b0b-ddaa66abf563" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -174,10 +174,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:40:55 GMT" + "Wed, 16 Jan 2019 19:37:08 GMT" ], "Content-Length": [ - "439489" + "487308" ], "Content-Type": [ "application/json; charset=utf-8" @@ -189,7 +189,7 @@ "0" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage_httpsTrafficOnly\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"023217dd-81bb-461f-93ea-8799caac50c7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"This shouldn't work\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This customer's policy is attempting to append multiple tags at once. I expect it will just append one tag with a really long name\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"value\": [\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04183864-11ae-4e7a-aadb-c600e40ed1b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04183864-11ae-4e7a-aadb-c600e40ed1b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Inherit named tag from resource group\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Applies the tag value from the resource group if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[resourcegroup().tags[parameters('tagName')]]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04904947-4d10-4454-9a50-f423d590e11b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04904947-4d10-4454-9a50-f423d590e11b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robga-nsgtemplate-test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddfee46-9b63-4313-a529-cfbf968d8118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddfee46-9b63-4313-a529-cfbf968d8118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akif incident - 85944710\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 85944710\\nhttps://icm.ad.msft.net/imp/v3/incidents/details/85944710/home\\n\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af12870bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af12870bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"second attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af1287abe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af1287abe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/123c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"123c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim nsg repro\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"fix\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/14ac45e9-df97-455d-b6ee-dd216f15f694\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"14ac45e9-df97-455d-b6ee-dd216f15f694\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim-incident-86226837-fix\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"1 - reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"15358dd8-671e-4c96-be33-2b668791418f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Attempt service bus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logProfiles\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/serviceBusRuleId\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/163c640e-681c-445f-92ba-cd434bd8c11c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"163c640e-681c-445f-92ba-cd434bd8c11c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.zyx\",\r\n \"exists\": \"false\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/17d43473-870f-4bc8-93c6-3961fa1d91cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17d43473-870f-4bc8-93c6-3961fa1d91cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit all tags\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"tags\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags\",\r\n \"value\": \"[resourceGroup().tags]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1e3c9312-c011-40a3-ac40-3bf3ddc24120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e3c9312-c011-40a3-ac40-3bf3ddc24120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource group locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Allowed resource group locations\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f20036f-28c3-48f3-9266-05d50fe391f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f20036f-28c3-48f3-9266-05d50fe391f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"docdb_aliases_test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f5360b7-fe59-43f7-8af5-825df420d09c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f5360b7-fe59-43f7-8af5-825df420d09c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ovewrites security rules with IP restrictions at the securityRule level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Limit to one protocol. The most inclusive should come last. I.e. 22;22-22;22-23\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"priority\": {\r\n \"type\": \"int\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[parameters('fullRuleName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-02-01\",\r\n \"properties\": {\r\n \"protocol\": \"*\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[last(parameters('destinationPortRanges'))]\",\r\n \"access\": \"Allow\",\r\n \"direction\": \"Inbound\",\r\n \"priority\": \"[parameters('priority')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[field('Microsoft.Network/networksecurityGroups/securityRules/priority')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"20c4afd0-8a77-4433-b8b0-4ad06e4c7111\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy NSGs on Subnets\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforce that all subnets have a Network Security Group. If a subnet does not have one an NSG with the default Internet Exposed Endpoint restrictions will be created and associated with it.\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string to apply to all automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges must not overlap.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"notEquals\": \"null\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgPrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"nsgName\": \"[concat(parameters('nsgPrefix'), '-', parameters('location'))]\",\r\n \"vnetName\": \"[split(parameters('fullResourceName'), '/')[0]]\",\r\n \"vnetResourceId\": \"[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]\",\r\n \"getVnetDeploymentName\": \"[concat('getVnet-', variables('vnetName'))]\",\r\n \"collectSubnetsDeploymentName\": \"[concat('collectSubnets-', variables('vnetName'))]\",\r\n \"overwriteVnetDeploymentName\": \"[concat('overwriteVnet-', variables('vnetName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vnetProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('vnetResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[variables('nsgName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"securityRules\": [\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Restrict\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from specific IP ranges (either corpnet or SAW)\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3997,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_AllowVnet\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from within the VNET\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"VirtualNetwork\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3998,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Deny\",\r\n \"properties\": {\r\n \"description\": \"Deny any controlled port connections that aren't explicitly allowed in higher priority rules\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 3999,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_AllowAll\",\r\n \"properties\": {\r\n \"description\": \"Allow all inbound traffic that isn't explicitly blocked by Port Lockdown restrictions\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 4000,\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectSubnetsDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_collectSubnets_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"nsgResourceId\": {\r\n \"value\": \"[resourceid('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"dependsOn\": [\r\n \"[variables('nsgName')]\"\r\n ],\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_overwriteVnet_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"updatedSubnets\": {\r\n \"value\": \"[reference(variables('collectSubnetsDeploymentName')).outputs.updatedSubnets.value]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"nsgPrefix\": {\r\n \"value\": \"[parameters('nsgPrefix')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"210ed8bd-6b07-4d5e-a62c-c34f07293288\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit all Microsoft.Web/sites/config/authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/211a466d-b2be-46e8-b029-8c28f566f118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"211a466d-b2be-46e8-b029-8c28f566f118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of a tag2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits that a required tag is present on resources\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"notcontainsKey\": \"[parameters('tagName')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24813039-7534-408a-9842-eb99f45721b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append single location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.locationTest\",\r\n \"value\": \"[parameters('allowedLocation')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin oms vm linux parameterized effect\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"263f13f4-6b88-4788-bead-34beedde70ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test guest assignment\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/28e54a72-2fd7-40d3-afe2-b05423e0147a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"28e54a72-2fd7-40d3-afe2-b05423e0147a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"2nd attempt on this policy. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"notIn\": \"[parameters('allowedLocations')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd60841400\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd60841400\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-combined\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"the combined policy attempt for both cosmos db cases. \",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"locationNames\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd6084180f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd6084180f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage ip rules append 2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.ipRules\",\r\n \"value\": [\r\n {\r\n \"value\": \"8.8.8.8\",\r\n \"action\": \"Allow\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/2b2317a7-ab02-47b5-8159-eb7e6227709f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2b2317a7-ab02-47b5-8159-eb7e6227709f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[demo] Enforce KeyVault diagnostic log storage\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"[tolower(concat('cheggkv', parameters('location')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('cheggremdemo', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/332ce4ac-9200-4573-8c66-92b85fc82c8d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"332ce4ac-9200-4573-8c66-92b85fc82c8d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_enableAutomaticFailover\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/enableAutomaticFailover\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_defaultConsistencyLevel\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/consistencyPolicy.defaultConsistencyLevel\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0b7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_readLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_writeLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_failoverPolicies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd160\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c0df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c0df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL and Managed Instance TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c144\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c144\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services vaults test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"vault\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vault\",\r\n \"description\": \"The Recovery Services Vault.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n },\r\n \"vaults\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vaults\",\r\n \"description\": \"The list of Recovery Services Vaults.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('vault')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('vaults')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b2c1b0f-63c5-4943-8578-6d37fbe411bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b2c1b0f-63c5-4943-8578-6d37fbe411bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b788cf8-ff6f-4075-86a1-ab76270790e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b788cf8-ff6f-4075-86a1-ab76270790e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3cc5820a-cbb8-4977-9c90-d90ced95f12c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3cc5820a-cbb8-4977-9c90-d90ced95f12c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Name should have prefix and suffix\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Name should have prefix and suffix\",\r\n \"parameters\": {\r\n \"prefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The prefix\",\r\n \"description\": \"The name prefix\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"suffix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The suffix\",\r\n \"description\": \"The name suffix.\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('prefix'), '*', parameters('suffix'))]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e275e2e-a157-4ade-8f91-43b3ea370007\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e275e2e-a157-4ade-8f91-43b3ea370007\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Restrict VM skus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Restricts allowed VM skus to a predefined regex\",\r\n \"parameters\": {\r\n \"allowedSkuTemplate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed VM sku template\",\r\n \"description\": \"The VM sku template. Supports wildcards via '*'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"like\": \"[parameters('allowedSkuTemplate')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e34c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e34c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKU\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits the use of storage account SKUs that don't meet organizational cost policy.\",\r\n \"parameters\": {\r\n \"listOfAllowedSkus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of allowed SKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSkus')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e3682\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e3682\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaDataFactoryTest1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"RobgaDataFactoryTest\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataFactory/factories\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/robgatestworkspace/providers/Microsoft.OperationalInsights/workspaces/robgatestworkspace\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce autoUpgrade on VM/VMSS extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies any VM or VMSS extensions that do not have autoUpgradeMinorVersion set to true.\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f772\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f772\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically enabled autoUpgradeMinorVersion on VM extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f783\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f783\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM scale set extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically appends autoUpgradeMinorVersion=true to VMSS extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f7a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f7a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService must use serverFarm\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService serverFarm must have capacity > 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/serverFarms\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/serverFarms/sku.capacity\",\r\n \"in\": [\r\n \"0\",\r\n \"1\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc23\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc23\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Definition to be deleted.\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy will deploy a key vault named KV_B if a key vault named KV_A does not exist.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"KV_B\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-10-01\",\r\n \"name\": \"KV_A\",\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"location\": \"eastus2\",\r\n \"properties\": {\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"sku\": {\r\n \"family\": \"A\",\r\n \"name\": \"standard\"\r\n },\r\n \"accessPolicies\": []\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/48ba81c1-0012-4796-8166-c2efb4304190\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48ba81c1-0012-4796-8166-c2efb4304190\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Do_Not_Delete\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy is used for unit tests. Please do not delete it.\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4a0425e4-97bf-4ad0-ab36-145b94083c60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny MySQL firewallRules starting with 0\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4b94c320-ce63-4fb6-ba9d-7dbe648b90de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4b94c320-ce63-4fb6-ba9d-7dbe648b90de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83686598\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"deny the creation of storage if supportsHttpsTrafficOnly is false\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"detect 'allow All' NSG rule\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c915617-16f0-4c62-b021-e66d5409d11d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c915617-16f0-4c62-b021-e66d5409d11d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332195\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332199\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332199\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny storage container creation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts/blobServices/containers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4d2f8837-7acb-4488-b580-95960ee3f116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d2f8837-7acb-4488-b580-95960ee3f116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure auto-created NSG rules exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ensures that security rules created in auto-created PortLockdown NSGs are not tampered with\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string applied to automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to in the expected security rule. I.e. 192.4.0.0/8;192.5.0.0/8 or *\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions in the expected security rule\"\r\n }\r\n },\r\n \"priority\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected priority\",\r\n \"description\": \"The priority of the expected security rule.\"\r\n }\r\n },\r\n \"access\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected access\",\r\n \"description\": \"The access (allow/deny) of the expected security rule.\"\r\n },\r\n \"allowedValues\": [\r\n \"Allow\",\r\n \"Deny\"\r\n ]\r\n },\r\n \"name\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected name\",\r\n \"description\": \"The name of the expected security rule.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('nsgPrefix'), '-', field('location'))]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"equals\": \"[parameters('priority')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"[parameters('access')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"name\": {\r\n \"type\": \"string\"\r\n },\r\n \"priority\": {\r\n \"type\": \"string\"\r\n },\r\n \"access\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"isSinglePrefix\": \"[equals(count(parameters('sourceAddressPrefixes')), 1)]\",\r\n \"isSinglePortRange\": \"[equals(count(parameters('destinationPortRanges')), 1)]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('nsgName'), '/', parameters('name'))]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"properties\": {\r\n \"description\": \"Rule auto-created by Internet Exposed Endpoints protection\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[if(variables('isSinglePortRange'), first(parameters('destinationPortRanges')), '')]\",\r\n \"destinationPortRanges\": \"[if(not(variables('isSinglePortRange')), parameters('destinationPortRanges'), json('[]'))]\",\r\n \"sourceAddressPrefix\": \"[if(variables('isSinglePrefix'), first(parameters('sourceAddressPrefixes')), '')]\",\r\n \"sourceAddressPrefixes\": \"[if(not(variables('isSinglePrefix')), parameters('sourceAddressPrefixes'), json('[]'))]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"[parameters('access')]\",\r\n \"priority\": \"[int(parameters('priority'))]\",\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"name\": {\r\n \"value\": \"[parameters('name')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[parameters('priority')]\"\r\n },\r\n \"access\": {\r\n \"value\": \"[parameters('access')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f283ec4-25a9-46df-bbf2-806ed5a3e115\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rs defaultvalue backslash\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Extensions to Exclude\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \".FWD;.GSC;.GSE;.MYD;.MYI;.SMD;.VAC;.BAK;.CHK;.FRM;.LDF;.LOG;.MBX;.MDF;.NDF;.TRN;.UND;.UNF;.UNH;.UNI;.UNQ;.UNS;.VHD;.VMDX;.WCI;.EDB;.SDS\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Paths to Exclude\",\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Sysvol;C:\\\\ProgramData\\\\Microsoft\\\\SharePoint;C:\\\\Program Files\\\\Common Files\\\\Microsoft Shared\\\\Web Server Extensions;C:\\\\Program Files\\\\Operations Manager;C:\\\\Program Files\\\\Microsoft Monitoring Agent;C:\\\\Program Files\\\\Microsoft Office Servers;C:\\\\Program Files\\\\Microsoft System Center 2012 R2\\\\Server;C:\\\\Program Files\\\\System Center Operations Manager;C:\\\\Program Files\\\\System Center Operations Manager 2007;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\NTDS;C:\\\\Windows\\\\System32\\\\LogFiles;C:\\\\Windows\\\\Sysvol;C:\\\\Program Files\\\\Double-Take Software;C:\\\\Program Files\\\\DoubleTake;C:\\\\Program Files\\\\Exchsrvr;C:\\\\Program Files\\\\Ipswitch;C:\\\\Program Files\\\\LogMeIn;C:\\\\Windows\\\\SoftwareDistribution\\\\Datastore;C:\\\\Windows\\\\Temp\\\\Gthrsvc\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Processes to Exclude\",\r\n \"description\": \"Semicolon delimited list of processes to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"HealthService.exe;ManagementService.exe;Microsoft.Mom.Sdk.Service.exe;Microsoft.Mom.ConfigServiceHost.exe;MonitoringHost.exe;pagefile.sys\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable real time protection\",\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Scheduled scans\",\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n },\r\n \"defaultValue\": \"false\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Scheduled Scan Type\",\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n },\r\n \"defaultValue\": \"Quick\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Day of Scheduled Scan\",\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n },\r\n \"defaultValue\": \"7\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Time of Scheduled Scan\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"120\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"value\": \"[parameters('ExclusionsExtensions')]\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"value\": \"[parameters('ExclusionsPaths')]\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"value\": \"[parameters('ExclusionsProcesses')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"[parameters('RealtimeProtectionEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsIsEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsDay')]\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsTime')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50877efd-8dd9-43d5-b4e6-3b70e64311b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50877efd-8dd9-43d5-b4e6-3b70e64311b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy key vault KV_B if key vault KV_A does not exist.\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy will deploy a key vault named KV_B if a key vault named KV_A does not exist.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"KV_B\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-10-01\",\r\n \"name\": \"KV_A\",\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"location\": \"eastus2\",\r\n \"properties\": {\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"sku\": {\r\n \"family\": \"A\",\r\n \"name\": \"standard\"\r\n },\r\n \"accessPolicies\": []\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50e2972e-143c-4edf-9ef6-bee0f84212d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaTestRbac\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Authorization/roleAssignments/principalId\",\r\n \"equals\": \"Admin\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/560482cd-dac5-41e6-9cef-b0aecd6020de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"560482cd-dac5-41e6-9cef-b0aecd6020de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhAuditLocation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit if not west us\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5948d091-78b7-4d3b-a404-cc6a0329b0c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5948d091-78b7-4d3b-a404-cc6a0329b0c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"deployifnotexist template alias tests - redis\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/Redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/sku.family\",\r\n \"equals\": \"C\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"Whatever*\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"type\": \"string\"\r\n },\r\n \"nameField\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuFamilyOut\": {\r\n \"value\": \"[parameters('skuFamily')]\",\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPortOut\": {\r\n \"value\": \"[parameters('enableNonSslPort')]\",\r\n \"type\": \"string\"\r\n },\r\n \"nameFieldOut\": {\r\n \"value\": \"[parameters('nameField')]\",\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/sku.family')]\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/enableNonSslPort')]\"\r\n },\r\n \"nameField\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"exists\": \" false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca376\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca376\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86318519\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86318519\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallrules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"AllowAllWindowsAzureIps\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca600\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca600\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"exists\": \"true\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"notIn\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca8d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca8d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Test storage alias\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Test storage alias\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"type\": \"string\"\r\n },\r\n \"encrypt\": {\r\n \"type\": \"string\"\r\n },\r\n \"accessTier\": {\r\n \"type\": \"string\"\r\n },\r\n \"skuName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuNameOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('skuName')]\"\r\n },\r\n \"accessTierOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('accessTier')]\"\r\n },\r\n \"httpsOnlyOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('httpsOnly')]\"\r\n },\r\n \"encryptOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('encrypt')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly')]\"\r\n },\r\n \"encrypt\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/enableBlobEncryption')]\"\r\n },\r\n \"accessTier\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/accessTier')]\"\r\n },\r\n \"skuName\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/sku.name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5fa69139-9a49-464e-90b5-0d243a469138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5fa69139-9a49-464e-90b5-0d243a469138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit costcenter tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"value\": \"[resourceGroup().tags.CostCenter]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6ced0d17-98f3-41e2-8038-08c8f4fb90e3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6ced0d17-98f3-41e2-8038-08c8f4fb90e3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim Apply allowed tag and its default value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"3\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n },\r\n \"allowedValues\": [\r\n \"TagA\",\r\n \"TagB\"\r\n ]\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6d1735de-f3e3-4c40-a8b2-7b3a1042a895\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6d1735de-f3e3-4c40-a8b2-7b3a1042a895\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": null\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"3\"\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"Metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The metric operator.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"The timeAggregation.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"The window size.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"The evaluation frequency.\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The action group id.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('alertNamePrefix'), '*')]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(toLower(parameters('alertNamePrefix')), uniqueString(resourceGroup().id))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6f2c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6f2c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testImageId\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"css\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"contains\": \"resourceGroups/testSandipsh\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/70dc1e8d-61c9-4089-8bf5-895b227c1298\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"70dc1e8d-61c9-4089-8bf5-895b227c1298\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"policyTrackedResources-sdk-tests\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"notIn\": [\r\n \"policyTrackedResources-sdk-tests-rule1\",\r\n \"policyTrackedResources-sdk-tests-rule2\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule1')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule2')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2001,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny if blob is not encrypted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/74d5cf40-7293-46a4-a285-7ea971e3719a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"74d5cf40-7293-46a4-a285-7ea971e3719a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Location restriction\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Policy to force allocations to a set of given locations\",\r\n \"metadata\": {\r\n \"category\": \"cstack\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/763dcd1d-a4a9-46a8-8bd3-357c4533a335\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"763dcd1d-a4a9-46a8-8bd3-357c4533a335\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"chegg deploy VMSS extension\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"GenevaMonitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Geneva\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-01\",\r\n \"name\": \"[concat(parameters('vmssName'), '/', 'genevaExtension2')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Geneva\",\r\n \"type\": \"GenevaMonitoring\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {}\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/767d74dd-8fe3-4ef2-a38a-52164f9230da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"767d74dd-8fe3-4ef2-a38a-52164f9230da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83577342 deny proxy resource location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/83577342/home\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"eastus\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingjobs/transformations\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/77429b44-aac1-4417-a53e-6900c07e11ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"77429b44-aac1-4417-a53e-6900c07e11ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Block TLS < 1.2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/slots/config\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\r\n \"notEquals\": \"1.2\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/78c5df31-2f05-4f4d-acfe-3e536d88c1bc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"78c5df31-2f05-4f4d-acfe-3e536d88c1bc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny ActiveDirectory administrators\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/administrators/administratorType\",\r\n \"equals\": \"ActiveDirectory\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash weird chars\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR!@#$%^&*()_+=-{}[];:',.<>?~`/;C:\\\\hello\\\\there\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7f4d769f-78db-46eb-ac3c-0b8214f8c245\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f4d769f-78db-46eb-ac3c-0b8214f8c245\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock v2\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/83daa8ee-7c9a-470c-81a8-5a99ac09d134\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83daa8ee-7c9a-470c-81a8-5a99ac09d134\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"northwell.io\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/86cd412c-c557-473b-984c-a5f15cdcb116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86cd412c-c557-473b-984c-a5f15cdcb116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Parameterized effect (if location != eastus)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The policy effect.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"eastus\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"885f1dcb-a9c5-4c8c-8996-2702db44a2d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.xyz\",\r\n \"exists\": false\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8959fd87-c1dd-4831-9034-a4f876bee1cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8959fd87-c1dd-4831-9034-a4f876bee1cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Kubernetes ingress policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Only specified ingress is allowed based on names\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere applicability test 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/whatever\"\r\n },\r\n {\r\n \"field\": \"tags.applicability\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8e6b598c-1a45-404b-97dd-983e37c040da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8e6b598c-1a45-404b-97dd-983e37c040da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_ipRangeFilter\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9012b1cd-b045-46c6-a510-6137e06a009c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash (array)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": [\r\n \"C:\\\\rs-pkgs\",\r\n \"C:\\\\System Volume Information\\\\DFSR\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/985adbc0-6d2e-448a-ac26-89d3688191d5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"985adbc0-6d2e-448a-ac26-89d3688191d5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github209\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/virtualNetworkRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9a060c03-fda7-4b0a-b4da-15e2b7e4d117\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9a060c03-fda7-4b0a-b4da-15e2b7e4d117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - Subscription Lvl test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Subscriptionlevel auditIfNotExist policy\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a1b067c8-2970-4c0b-b0da-31ae7f33d1de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1b067c8-2970-4c0b-b0da-31ae7f33d1de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Noop\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Don't do anything\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a309ad64-0bae-48d9-a6b1-d99c0b4218b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a309ad64-0bae-48d9-a6b1-d99c0b4218b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyof\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a337c781-c7d8-4e12-ae69-1951c7e74378\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a337c781-c7d8-4e12-ae69-1951c7e74378\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127 - better\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\",\r\n \"Deny\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"81196380\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure https traffic only for storage account\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure https traffic only for storage account\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscription name tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"add subscription name tag\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionname\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionname\",\r\n \"value\": \"[subscription().displayName]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d82a2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d82a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Add subscription \\\"id\\\" tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.id\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.id\",\r\n \"value\": \"[subscription().id]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8339\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8339\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscriptionId tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionId\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionId\",\r\n \"value\": \"[subscription().subscriptionId]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8635\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8635\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaNSGtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/aeb6a524-e3d1-4b8a-afa8-26ae4e291116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aeb6a524-e3d1-4b8a-afa8-26ae4e291116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed Location Indexed\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"hackathon policy\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Allowed-Locations-Indexed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Allowed-Locations-Indexed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if antiMalware extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy audits if the anti malware extension .\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/antiMalwareExtensionExists\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"antiMalwareExtensionExists\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Web socket must be disabled on App Services\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures web sockets are disabled on App Services.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/AppServiceWebSockets\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"AppServiceWebSockets\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure Security Center must be enabled\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures Azure Security Center is enabled.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ASCEnabled\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ASCEnabled\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and it's value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and its value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits if a required extension doesn't exist.\",\r\n \"parameters\": {\r\n \"publisher\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The publisher of the extension\",\r\n \"displayName\": \"Extension Publisher\"\r\n }\r\n },\r\n \"type\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The type of the extension\",\r\n \"displayName\": \"Extension Type\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"[parameters('publisher')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"[parameters('type')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/audit-vm-extension\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"audit-vm-extension\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CanCrudPolicyAssignment Policy Definition $[Auto Test]\",\r\n \"policyType\": \"Custom\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"ResourceProviderTestHost/TestResourceType/TestResourceTypeNestedOne/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/azsmnet6487\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"azsmnet6487\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"89322663 audit diag setting\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"description\": \"The list of resources types to audit for missing diagnostic log settings.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"details\": {\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"equals\": \"true\",\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\"\r\n }\r\n ]\r\n },\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\"\r\n },\r\n \"effect\": \"AuditIfNotExists\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b350b9b0-8ba5-4867-bc9c-63b4544671b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b350b9b0-8ba5-4867-bc9c-63b4544671b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"makharchtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"policy\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b36f6195-0fc5-4a41-bbce-875248400f5f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b36f6195-0fc5-4a41-bbce-875248400f5f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash really long string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b9203c56-0565-434a-a315-87f4da9f21b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b9203c56-0565-434a-a315-87f4da9f21b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"NSG Rules exists test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].protocol\",\r\n \"notLike\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/bb6a78ae-8737-41e0-9c41-cc777c8c00a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bb6a78ae-8737-41e0-9c41-cc777c8c00a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c0f586f1-abe5-4801-8588-7332e49e60c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c0f586f1-abe5-4801-8588-7332e49e60c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"234\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logprofiles\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/logprofiles\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Doublecheck the lifecycle tag policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy refers to tags['Lifecycle'], which with the current implementation of the escaped tags syntax will refer to a tag named 'Lifecycle' (quotes and all). This is a customer policy that would be broken when I switch the meaning of tags['Lifecycle'] to refer simply to a tag named Lifecycle (no quotes)\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['Lifecycle']\",\r\n \"notIn\": [\r\n \"dev\",\r\n \"tst\",\r\n \"stg\",\r\n \"prd\",\r\n \"trn\",\r\n \"prf\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c6be98a9-8108-40aa-b726-d2ae8e2891b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c6be98a9-8108-40aa-b726-d2ae8e2891b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe resource group auditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c7b9982d-2f50-4730-935f-5c241982a441\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c7b9982d-2f50-4730-935f-5c241982a441\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed resource types\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": \"The list of allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('allowedTypes')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c872f951-1c5d-4c61-89dd-aee2350a11ba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8b79b49-a579-4045-984e-1b249ab8b474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8cedfaa-4aa0-465a-8b90-49caf8177158\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8cedfaa-4aa0-465a-8b90-49caf8177158\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere css block NSG changes\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/95894791/home\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"nsgName\",\r\n \"description\": \"The name of the NSG.\"\r\n },\r\n \"defaultValue\": \"nsgName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('nsgName')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"fullName\",\r\n \"like\": \"[concat(parameters('nsgName'), '/*')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ca01432d-4278-45a6-8137-69f2155d2248\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ca01432d-4278-45a6-8137-69f2155d2248\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin empty string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure resource names meet the like condition for a pattern.\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"namePattern\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"namePattern\",\r\n \"description\": \"Pattern to use for names. Can include wildcard (*).\"\r\n },\r\n \"allowedValues\": [\r\n \"\",\r\n \"one\",\r\n \"two\"\r\n ],\r\n \"defaultValue\": \"\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('namePattern')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"camarvin-test-empty-assign\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere append 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.test\",\r\n \"value\": \"1\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny on 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.test\",\r\n \"equals\": \"1\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Resource name contains resource group name\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Require resources to contain the resource group's name\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"notContains\": \"[resourceGroup().name]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/contain-resource-group-name\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"contain-resource-group-name\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v3\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"third attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5002\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-deployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5632\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5632\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce KeyVault diagnostic log storage (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"elperetest\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('elpere', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d0d9349d-843c-443a-9f27-5ce84f08c37e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d0d9349d-843c-443a-9f27-5ce84f08c37e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Access KV as part of remidiation deployment test (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"hello\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"outputs\": {\r\n \"testSecretOutput\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('testSecret')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"reference\": {\r\n \"keyVault\": {\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/elpere/providers/Microsoft.KeyVault/vaults/elpereKv\"\r\n },\r\n \"secretName\": \"test\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d35ce9be-f51b-4d3e-bc7f-dde2936381b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d35ce9be-f51b-4d3e-bc7f-dde2936381b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs (NSG level)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Overwrites security rules with IP restrictions at the NSG level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges may overlap.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"getNsgDeploymentName\": \"[concat('getNSGContent-', parameters('nsgName'))]\",\r\n \"collectorDeploymentName\": \"[concat('collectRules-', parameters('nsgName'))]\",\r\n \"overwriteNsgDeploymentName\": \"[concat('overwriteNsg-', parameters('nsgName'))]\",\r\n \"nsgResourceId\": \"[resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"nsgProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('nsgResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectorDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_collectRules_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"nsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"portRangesToRestrict\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_overwriteNSG_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"originalNsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"updatedSecurityRules\": {\r\n \"value\": \"[reference(variables('collectorDeploymentName')).outputs.updatedSecurityRules.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d7b13c30-e6aa-47e1-b50a-8e33f152d086\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Audited skus\",\r\n \"description\": \"The list of skus.\",\r\n \"strongType\": \"storageSkus\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e90ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e90ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List Of Allowed SKUs\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"vmSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e9170\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e9170\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[elpere] deployIfNotExists Runners test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"deployIfNotExistsTestsRule\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/deployIfNotExistsTestsRule')]\",\r\n \"properties\": {\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbfa9fc0-5202-4001-8759-1aa2387f825b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"allowedOS\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"test_sandipsh\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedWindows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Windows VMs\",\r\n \"description\": \"The list of allowed VMs for Windows.\"\r\n }\r\n },\r\n \"listOfAllowedUbuntus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Ubuntu VMs\",\r\n \"description\": \"The list of allowed VMs for Ubuntu.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/disks\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"Canonical\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"UbuntuServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedUbuntus')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedWindows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services backup policies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"policies\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policies\",\r\n \"description\": \"The list of allowed Recovery Services backup policies.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n },\r\n \"policy\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policy\",\r\n \"description\": \"Allowed Recovery Services backup policy.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('policies')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('policy')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e3f9a624-b17d-4dc8-9649-65814d3241bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3f9a624-b17d-4dc8-9649-65814d3241bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"authSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their logs config\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"logs\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny changing sites authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"defaultValue: all parameters\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"defaultValue\"\r\n },\r\n \"parameters\": {\r\n \"locations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array)\",\r\n \"description\": \"The list of locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": [\r\n \"eastus\",\r\n \"westus\"\r\n ]\r\n },\r\n \"location\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string)\",\r\n \"description\": \"The location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"resourceGroups\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array)\",\r\n \"description\": \"The list of resource groups.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": [\r\n \"camarvin\"\r\n ]\r\n },\r\n \"resourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string)\",\r\n \"description\": \"The resource group.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": \"camarvin\"\r\n },\r\n \"tags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array)\",\r\n \"description\": \"The list of tags.\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"tag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string)\",\r\n \"description\": \"The tag.\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array, av)\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": [\r\n \"eastus\"\r\n ]\r\n },\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string, av)\",\r\n \"description\": \"The allowed location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"allowedStorageSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array, av)\",\r\n \"description\": \"The list of allowed storage SKUs for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ]\r\n },\r\n \"allowedStorageSKU\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string, av)\",\r\n \"description\": \"The allowed storage SKU for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": \"Standard_LRS\"\r\n },\r\n \"allowedTags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array, av)\",\r\n \"description\": \"The list of allowed tags.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ]\r\n },\r\n \"allowedTag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string, av)\",\r\n \"description\": \"The allowed tag.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": \"FirstName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('locations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('resourceGroups')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('resourceGroup')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('tags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('tag')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedStorageSkus')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"Equals\": \"[parameters('allowedStorageSku')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedTags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"NotEquals\": \"[parameters('allowedTag')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ea1688b3-022e-4add-af39-2fe60689a3b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny \\\"Allow All\\\" NSG rules\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies the creation of sourceAddressPrefix=\\\"*\\\", destinationPortRange=\\\"*\\\" NSG security rules\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"PortLockdown_AllowAll\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"notEquals\": \"4000\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github264\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/siteAuthSettings.enabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ef00ee9d-fe45-4d14-8bee-789eea392116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef00ee9d-fe45-4d14-8bee-789eea392116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy enables you to audit your location.\",\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/LocationAuditDefinition\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"LocationAuditDefinition\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"northeurope\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/policy2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"policy2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps6386\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps6386\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps8886\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps8886\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9652\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9652\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test policy\",\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testSandipsh.draft\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testSandipsh.draft\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testtest\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"testtest\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testtest\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testtest\"\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in IoT Hubs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Internet of Things\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Devices/IotHubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healty\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cheggert: Append VMSS extension\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/virtualMachineProfile\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*].type\",\r\n \"notEquals\": \"GenevaMonitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*]\",\r\n \"value\": {\r\n \"name\": \"Microsoft.Azure.Geneva.GenevaMonitoring\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Geneva\",\r\n \"type\": \"GenevaMonitoring\",\r\n \"typeHandlerVersion\": \"1.8\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/01b105ed-6ded-4a1d-894c-df85fd9351cb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"01b105ed-6ded-4a1d-894c-df85fd9351cb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage_httpsTrafficOnly\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"023217dd-81bb-461f-93ea-8799caac50c7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"This shouldn't work\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This customer's policy is attempting to append multiple tags at once. I expect it will just append one tag with a really long name\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"value\": [\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04183864-11ae-4e7a-aadb-c600e40ed1b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04183864-11ae-4e7a-aadb-c600e40ed1b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Inherit named tag from resource group\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Applies the tag value from the resource group if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[resourcegroup().tags[parameters('tagName')]]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04904947-4d10-4454-9a50-f423d590e11b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04904947-4d10-4454-9a50-f423d590e11b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : AuditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddd96d8-fccd-40cb-81d2-5072a4ed061c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddd96d8-fccd-40cb-81d2-5072a4ed061c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robga-nsgtemplate-test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddfee46-9b63-4313-a529-cfbf968d8118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddfee46-9b63-4313-a529-cfbf968d8118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akif incident - 85944710\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 85944710\\nhttps://icm.ad.msft.net/imp/v3/incidents/details/85944710/home\\n\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af12870bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af12870bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"second attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af1287abe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af1287abe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"chegg: Deploy azsecpack autoupgrade (VMSS)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*].name\",\r\n \"notEquals\": \"Microsoft.Azure.Geneva.GenevaMonitoring\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"Microsoft.Azure.Geneva.GenevaMonitoring\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"GenevaMonitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Geneva\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/enableAutomaticUpgrade\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-10-01\",\r\n \"name\": \"[concat(parameters('vmssName'), '/Microsoft.Azure.Geneva.GenevaMonitoring')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"enableAutomaticUpgrade\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ec05dac-e529-48ef-8c20-f7e6af99a12b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ec05dac-e529-48ef-8c20-f7e6af99a12b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/123c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"123c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim nsg repro\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"fix\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/14ac45e9-df97-455d-b6ee-dd216f15f694\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"14ac45e9-df97-455d-b6ee-dd216f15f694\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim-incident-86226837-fix\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"1 - reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"15358dd8-671e-4c96-be33-2b668791418f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Attempt service bus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logProfiles\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/serviceBusRuleId\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/163c640e-681c-445f-92ba-cd434bd8c11c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"163c640e-681c-445f-92ba-cd434bd8c11c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.zyx\",\r\n \"exists\": \"false\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/17d43473-870f-4bc8-93c6-3961fa1d91cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17d43473-870f-4bc8-93c6-3961fa1d91cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"peterhaugeaudit\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Testing resource group in IfNotExists (not the intent of the original policy, but looks like there's some weirdness here)\\n\\nChanged: Microsoft.Resources/subscriptions/resourceGroups to Microsoft.Resources/resourceGroups\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"name\": \"EnforceServicePrincipalAccessToDevTestLabsResourceGroups\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/19153189-4506-4910-b7bc-756e0188a6f2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"19153189-4506-4910-b7bc-756e0188a6f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit all tags\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"tags\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags\",\r\n \"value\": \"[resourceGroup().tags]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1e3c9312-c011-40a3-ac40-3bf3ddc24120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e3c9312-c011-40a3-ac40-3bf3ddc24120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource group locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Allowed resource group locations\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f20036f-28c3-48f3-9266-05d50fe391f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f20036f-28c3-48f3-9266-05d50fe391f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"docdb_aliases_test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f5360b7-fe59-43f7-8af5-825df420d09c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f5360b7-fe59-43f7-8af5-825df420d09c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ovewrites security rules with IP restrictions at the securityRule level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Limit to one protocol. The most inclusive should come last. I.e. 22;22-22;22-23\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"priority\": {\r\n \"type\": \"int\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[parameters('fullRuleName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-02-01\",\r\n \"properties\": {\r\n \"protocol\": \"*\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[last(parameters('destinationPortRanges'))]\",\r\n \"access\": \"Allow\",\r\n \"direction\": \"Inbound\",\r\n \"priority\": \"[parameters('priority')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[field('Microsoft.Network/networksecurityGroups/securityRules/priority')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"20c4afd0-8a77-4433-b8b0-4ad06e4c7111\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy NSGs on Subnets\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforce that all subnets have a Network Security Group. If a subnet does not have one an NSG with the default Internet Exposed Endpoint restrictions will be created and associated with it.\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string to apply to all automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges must not overlap.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"notEquals\": \"null\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgPrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"nsgName\": \"[concat(parameters('nsgPrefix'), '-', parameters('location'))]\",\r\n \"vnetName\": \"[split(parameters('fullResourceName'), '/')[0]]\",\r\n \"vnetResourceId\": \"[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]\",\r\n \"getVnetDeploymentName\": \"[concat('getVnet-', variables('vnetName'))]\",\r\n \"collectSubnetsDeploymentName\": \"[concat('collectSubnets-', variables('vnetName'))]\",\r\n \"overwriteVnetDeploymentName\": \"[concat('overwriteVnet-', variables('vnetName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vnetProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('vnetResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[variables('nsgName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"securityRules\": [\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Restrict\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from specific IP ranges (either corpnet or SAW)\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3997,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_AllowVnet\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from within the VNET\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"VirtualNetwork\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3998,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Deny\",\r\n \"properties\": {\r\n \"description\": \"Deny any controlled port connections that aren't explicitly allowed in higher priority rules\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 3999,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_AllowAll\",\r\n \"properties\": {\r\n \"description\": \"Allow all inbound traffic that isn't explicitly blocked by Port Lockdown restrictions\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 4000,\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectSubnetsDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_collectSubnets_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"nsgResourceId\": {\r\n \"value\": \"[resourceid('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"dependsOn\": [\r\n \"[variables('nsgName')]\"\r\n ],\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_overwriteVnet_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"updatedSubnets\": {\r\n \"value\": \"[reference(variables('collectSubnetsDeploymentName')).outputs.updatedSubnets.value]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"nsgPrefix\": {\r\n \"value\": \"[parameters('nsgPrefix')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"210ed8bd-6b07-4d5e-a62c-c34f07293288\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit all Microsoft.Web/sites/config/authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/211a466d-b2be-46e8-b029-8c28f566f118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"211a466d-b2be-46e8-b029-8c28f566f118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of a tag2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits that a required tag is present on resources\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"notcontainsKey\": \"[parameters('tagName')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24813039-7534-408a-9842-eb99f45721b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append single location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.locationTest\",\r\n \"value\": \"[parameters('allowedLocation')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin oms vm linux parameterized effect\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"263f13f4-6b88-4788-bead-34beedde70ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere strange alias in field function\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"Tags['asdasd']\",\r\n \"equals\": \"[concat('whatever', 'a')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/26556185-593c-4866-9c0c-114ac0bf6120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26556185-593c-4866-9c0c-114ac0bf6120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test guest assignment\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/28e54a72-2fd7-40d3-afe2-b05423e0147a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"28e54a72-2fd7-40d3-afe2-b05423e0147a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"2nd attempt on this policy. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"notIn\": \"[parameters('allowedLocations')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd60841400\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd60841400\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-combined\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"the combined policy attempt for both cosmos db cases. \",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"locationNames\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd6084180f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd6084180f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage ip rules append 2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.ipRules\",\r\n \"value\": [\r\n {\r\n \"value\": \"8.8.8.8\",\r\n \"action\": \"Allow\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/2b2317a7-ab02-47b5-8159-eb7e6227709f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2b2317a7-ab02-47b5-8159-eb7e6227709f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[demo] Enforce KeyVault diagnostic log storage\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"[tolower(concat('cheggkv', parameters('location')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('cheggremdemo', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/332ce4ac-9200-4573-8c66-92b85fc82c8d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"332ce4ac-9200-4573-8c66-92b85fc82c8d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_enableAutomaticFailover\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/enableAutomaticFailover\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_defaultConsistencyLevel\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/consistencyPolicy.defaultConsistencyLevel\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0b7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_readLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_writeLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_failoverPolicies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd160\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c0df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c0df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL and Managed Instance TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c144\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c144\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services vaults test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"vault\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vault\",\r\n \"description\": \"The Recovery Services Vault.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n },\r\n \"vaults\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vaults\",\r\n \"description\": \"The list of Recovery Services Vaults.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('vault')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('vaults')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b2c1b0f-63c5-4943-8578-6d37fbe411bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b2c1b0f-63c5-4943-8578-6d37fbe411bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b788cf8-ff6f-4075-86a1-ab76270790e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b788cf8-ff6f-4075-86a1-ab76270790e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3cc5820a-cbb8-4977-9c90-d90ced95f12c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3cc5820a-cbb8-4977-9c90-d90ced95f12c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Name should have prefix and suffix\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Name should have prefix and suffix\",\r\n \"parameters\": {\r\n \"prefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The prefix\",\r\n \"description\": \"The name prefix\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"suffix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The suffix\",\r\n \"description\": \"The name suffix.\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('prefix'), '*', parameters('suffix'))]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e275e2e-a157-4ade-8f91-43b3ea370007\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e275e2e-a157-4ade-8f91-43b3ea370007\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Restrict VM skus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Restricts allowed VM skus to a predefined regex\",\r\n \"parameters\": {\r\n \"allowedSkuTemplate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed VM sku template\",\r\n \"description\": \"The VM sku template. Supports wildcards via '*'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"like\": \"[parameters('allowedSkuTemplate')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e34c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e34c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKU\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits the use of storage account SKUs that don't meet organizational cost policy.\",\r\n \"parameters\": {\r\n \"listOfAllowedSkus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of allowed SKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSkus')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e3682\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e3682\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaDataFactoryTest1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"RobgaDataFactoryTest\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataFactory/factories\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/robgatestworkspace/providers/Microsoft.OperationalInsights/workspaces/robgatestworkspace\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce autoUpgrade on VM/VMSS extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies any VM or VMSS extensions that do not have autoUpgradeMinorVersion set to true.\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f772\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f772\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically enabled autoUpgradeMinorVersion on VM extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f783\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f783\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM scale set extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically appends autoUpgradeMinorVersion=true to VMSS extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f7a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f7a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService must use serverFarm\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService serverFarm must have capacity > 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/serverFarms\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/serverFarms/sku.capacity\",\r\n \"in\": [\r\n \"0\",\r\n \"1\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc23\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc23\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Do_Not_Delete\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy is used for unit tests. Please do not delete it.\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4a0425e4-97bf-4ad0-ab36-145b94083c60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny MySQL firewallRules starting with 0\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4b94c320-ce63-4fb6-ba9d-7dbe648b90de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4b94c320-ce63-4fb6-ba9d-7dbe648b90de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83686598\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"deny the creation of storage if supportsHttpsTrafficOnly is false\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"detect 'allow All' NSG rule\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c915617-16f0-4c62-b021-e66d5409d11d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c915617-16f0-4c62-b021-e66d5409d11d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332195\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332199\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332199\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny storage container creation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts/blobServices/containers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4d2f8837-7acb-4488-b580-95960ee3f116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d2f8837-7acb-4488-b580-95960ee3f116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure auto-created NSG rules exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ensures that security rules created in auto-created PortLockdown NSGs are not tampered with\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string applied to automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to in the expected security rule. I.e. 192.4.0.0/8;192.5.0.0/8 or *\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions in the expected security rule\"\r\n }\r\n },\r\n \"priority\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected priority\",\r\n \"description\": \"The priority of the expected security rule.\"\r\n }\r\n },\r\n \"access\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected access\",\r\n \"description\": \"The access (allow/deny) of the expected security rule.\"\r\n },\r\n \"allowedValues\": [\r\n \"Allow\",\r\n \"Deny\"\r\n ]\r\n },\r\n \"name\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected name\",\r\n \"description\": \"The name of the expected security rule.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('nsgPrefix'), '-', field('location'))]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"equals\": \"[parameters('priority')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"[parameters('access')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"name\": {\r\n \"type\": \"string\"\r\n },\r\n \"priority\": {\r\n \"type\": \"string\"\r\n },\r\n \"access\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"isSinglePrefix\": \"[equals(count(parameters('sourceAddressPrefixes')), 1)]\",\r\n \"isSinglePortRange\": \"[equals(count(parameters('destinationPortRanges')), 1)]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('nsgName'), '/', parameters('name'))]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"properties\": {\r\n \"description\": \"Rule auto-created by Internet Exposed Endpoints protection\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[if(variables('isSinglePortRange'), first(parameters('destinationPortRanges')), '')]\",\r\n \"destinationPortRanges\": \"[if(not(variables('isSinglePortRange')), parameters('destinationPortRanges'), json('[]'))]\",\r\n \"sourceAddressPrefix\": \"[if(variables('isSinglePrefix'), first(parameters('sourceAddressPrefixes')), '')]\",\r\n \"sourceAddressPrefixes\": \"[if(not(variables('isSinglePrefix')), parameters('sourceAddressPrefixes'), json('[]'))]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"[parameters('access')]\",\r\n \"priority\": \"[int(parameters('priority'))]\",\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"name\": {\r\n \"value\": \"[parameters('name')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[parameters('priority')]\"\r\n },\r\n \"access\": {\r\n \"value\": \"[parameters('access')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f283ec4-25a9-46df-bbf2-806ed5a3e115\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rs defaultvalue backslash\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Extensions to Exclude\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \".FWD;.GSC;.GSE;.MYD;.MYI;.SMD;.VAC;.BAK;.CHK;.FRM;.LDF;.LOG;.MBX;.MDF;.NDF;.TRN;.UND;.UNF;.UNH;.UNI;.UNQ;.UNS;.VHD;.VMDX;.WCI;.EDB;.SDS\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Paths to Exclude\",\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Sysvol;C:\\\\ProgramData\\\\Microsoft\\\\SharePoint;C:\\\\Program Files\\\\Common Files\\\\Microsoft Shared\\\\Web Server Extensions;C:\\\\Program Files\\\\Operations Manager;C:\\\\Program Files\\\\Microsoft Monitoring Agent;C:\\\\Program Files\\\\Microsoft Office Servers;C:\\\\Program Files\\\\Microsoft System Center 2012 R2\\\\Server;C:\\\\Program Files\\\\System Center Operations Manager;C:\\\\Program Files\\\\System Center Operations Manager 2007;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\NTDS;C:\\\\Windows\\\\System32\\\\LogFiles;C:\\\\Windows\\\\Sysvol;C:\\\\Program Files\\\\Double-Take Software;C:\\\\Program Files\\\\DoubleTake;C:\\\\Program Files\\\\Exchsrvr;C:\\\\Program Files\\\\Ipswitch;C:\\\\Program Files\\\\LogMeIn;C:\\\\Windows\\\\SoftwareDistribution\\\\Datastore;C:\\\\Windows\\\\Temp\\\\Gthrsvc\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Processes to Exclude\",\r\n \"description\": \"Semicolon delimited list of processes to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"HealthService.exe;ManagementService.exe;Microsoft.Mom.Sdk.Service.exe;Microsoft.Mom.ConfigServiceHost.exe;MonitoringHost.exe;pagefile.sys\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable real time protection\",\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Scheduled scans\",\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n },\r\n \"defaultValue\": \"false\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Scheduled Scan Type\",\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n },\r\n \"defaultValue\": \"Quick\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Day of Scheduled Scan\",\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n },\r\n \"defaultValue\": \"7\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Time of Scheduled Scan\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"120\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"value\": \"[parameters('ExclusionsExtensions')]\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"value\": \"[parameters('ExclusionsPaths')]\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"value\": \"[parameters('ExclusionsProcesses')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"[parameters('RealtimeProtectionEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsIsEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsDay')]\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsTime')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50877efd-8dd9-43d5-b4e6-3b70e64311b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50877efd-8dd9-43d5-b4e6-3b70e64311b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy key vault KV_B if key vault KV_A does not exist.\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy will deploy a key vault named KV_B if a key vault named KV_A does not exist.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"KV_B\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-10-01\",\r\n \"name\": \"KV_A\",\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"location\": \"eastus2\",\r\n \"properties\": {\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"sku\": {\r\n \"family\": \"A\",\r\n \"name\": \"standard\"\r\n },\r\n \"accessPolicies\": []\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50e2972e-143c-4edf-9ef6-bee0f84212d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaTestRbac\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Authorization/roleAssignments/principalId\",\r\n \"equals\": \"Admin\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/560482cd-dac5-41e6-9cef-b0aecd6020de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"560482cd-dac5-41e6-9cef-b0aecd6020de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : definition param with assignPermissions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/57ef268f-b414-436a-9894-125a81d80b30\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"57ef268f-b414-436a-9894-125a81d80b30\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhAuditLocation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit if not west us\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5948d091-78b7-4d3b-a404-cc6a0329b0c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5948d091-78b7-4d3b-a404-cc6a0329b0c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"deployifnotexist template alias tests - redis\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/Redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/sku.family\",\r\n \"equals\": \"C\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"Whatever*\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"type\": \"string\"\r\n },\r\n \"nameField\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuFamilyOut\": {\r\n \"value\": \"[parameters('skuFamily')]\",\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPortOut\": {\r\n \"value\": \"[parameters('enableNonSslPort')]\",\r\n \"type\": \"string\"\r\n },\r\n \"nameFieldOut\": {\r\n \"value\": \"[parameters('nameField')]\",\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/sku.family')]\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/enableNonSslPort')]\"\r\n },\r\n \"nameField\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"exists\": \" false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca376\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca376\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86318519\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86318519\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallrules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"AllowAllWindowsAzureIps\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca600\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca600\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"exists\": \"true\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"notIn\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca8d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca8d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Test storage alias\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Test storage alias\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"type\": \"string\"\r\n },\r\n \"encrypt\": {\r\n \"type\": \"string\"\r\n },\r\n \"accessTier\": {\r\n \"type\": \"string\"\r\n },\r\n \"skuName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuNameOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('skuName')]\"\r\n },\r\n \"accessTierOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('accessTier')]\"\r\n },\r\n \"httpsOnlyOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('httpsOnly')]\"\r\n },\r\n \"encryptOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('encrypt')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly')]\"\r\n },\r\n \"encrypt\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/enableBlobEncryption')]\"\r\n },\r\n \"accessTier\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/accessTier')]\"\r\n },\r\n \"skuName\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/sku.name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5fa69139-9a49-464e-90b5-0d243a469138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5fa69139-9a49-464e-90b5-0d243a469138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit costcenter tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"value\": \"[resourceGroup().tags.CostCenter]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6ced0d17-98f3-41e2-8038-08c8f4fb90e3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6ced0d17-98f3-41e2-8038-08c8f4fb90e3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim Apply allowed tag and its default value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"3\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n },\r\n \"allowedValues\": [\r\n \"TagA\",\r\n \"TagB\"\r\n ]\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6d1735de-f3e3-4c40-a8b2-7b3a1042a895\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6d1735de-f3e3-4c40-a8b2-7b3a1042a895\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": null\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"3\"\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"Metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The metric operator.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"The timeAggregation.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"The window size.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"The evaluation frequency.\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The action group id.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('alertNamePrefix'), '*')]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(toLower(parameters('alertNamePrefix')), uniqueString(resourceGroup().id))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6f2c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6f2c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testImageId\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"css\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"contains\": \"resourceGroups/testSandipsh\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/70dc1e8d-61c9-4089-8bf5-895b227c1298\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"70dc1e8d-61c9-4089-8bf5-895b227c1298\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"policyTrackedResources-sdk-tests\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"notIn\": [\r\n \"policyTrackedResources-sdk-tests-rule1\",\r\n \"policyTrackedResources-sdk-tests-rule2\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule1')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule2')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2001,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny if blob is not encrypted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/74d5cf40-7293-46a4-a285-7ea971e3719a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"74d5cf40-7293-46a4-a285-7ea971e3719a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Location restriction\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Policy to force allocations to a set of given locations\",\r\n \"metadata\": {\r\n \"category\": \"cstack\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/763dcd1d-a4a9-46a8-8bd3-357c4533a335\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"763dcd1d-a4a9-46a8-8bd3-357c4533a335\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83577342 deny proxy resource location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/83577342/home\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"eastus\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingjobs/transformations\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/77429b44-aac1-4417-a53e-6900c07e11ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"77429b44-aac1-4417-a53e-6900c07e11ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Block TLS < 1.2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/slots/config\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\r\n \"notEquals\": \"1.2\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/78c5df31-2f05-4f4d-acfe-3e536d88c1bc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"78c5df31-2f05-4f4d-acfe-3e536d88c1bc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny ActiveDirectory administrators\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/administrators/administratorType\",\r\n \"equals\": \"ActiveDirectory\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash weird chars\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR!@#$%^&*()_+=-{}[];:',.<>?~`/;C:\\\\hello\\\\there\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7f4d769f-78db-46eb-ac3c-0b8214f8c245\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f4d769f-78db-46eb-ac3c-0b8214f8c245\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock v2\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/83daa8ee-7c9a-470c-81a8-5a99ac09d134\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83daa8ee-7c9a-470c-81a8-5a99ac09d134\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"northwell.io\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/86cd412c-c557-473b-984c-a5f15cdcb116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86cd412c-c557-473b-984c-a5f15cdcb116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Parameterized effect (if location != eastus)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The policy effect.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"eastus\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"885f1dcb-a9c5-4c8c-8996-2702db44a2d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.xyz\",\r\n \"exists\": false\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8959fd87-c1dd-4831-9034-a4f876bee1cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8959fd87-c1dd-4831-9034-a4f876bee1cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Kubernetes ingress policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Only specified ingress is allowed based on names\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere applicability test 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/whatever\"\r\n },\r\n {\r\n \"field\": \"tags.applicability\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8e6b598c-1a45-404b-97dd-983e37c040da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8e6b598c-1a45-404b-97dd-983e37c040da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_ipRangeFilter\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9012b1cd-b045-46c6-a510-6137e06a009c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elperetest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"value\": \"[resourceGroup().tags['Hyphen-test']]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9389a21b-2134-414a-a579-e9f2709b2131\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9389a21b-2134-414a-a579-e9f2709b2131\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash (array)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": [\r\n \"C:\\\\rs-pkgs\",\r\n \"C:\\\\System Volume Information\\\\DFSR\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/985adbc0-6d2e-448a-ac26-89d3688191d5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"985adbc0-6d2e-448a-ac26-89d3688191d5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github209\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/virtualNetworkRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9a060c03-fda7-4b0a-b4da-15e2b7e4d117\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9a060c03-fda7-4b0a-b4da-15e2b7e4d117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - Subscription Lvl test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Subscriptionlevel auditIfNotExist policy\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a1b067c8-2970-4c0b-b0da-31ae7f33d1de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1b067c8-2970-4c0b-b0da-31ae7f33d1de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Noop\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Don't do anything\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a309ad64-0bae-48d9-a6b1-d99c0b4218b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a309ad64-0bae-48d9-a6b1-d99c0b4218b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyof\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a337c781-c7d8-4e12-ae69-1951c7e74378\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a337c781-c7d8-4e12-ae69-1951c7e74378\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127 - better\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\",\r\n \"Deny\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"81196380\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure https traffic only for storage account\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure https traffic only for storage account\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscription name tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"add subscription name tag\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionname\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionname\",\r\n \"value\": \"[subscription().displayName]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d82a2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d82a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Add subscription \\\"id\\\" tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.id\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.id\",\r\n \"value\": \"[subscription().id]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8339\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8339\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscriptionId tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionId\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionId\",\r\n \"value\": \"[subscription().subscriptionId]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8635\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8635\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaNSGtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/aeb6a524-e3d1-4b8a-afa8-26ae4e291116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aeb6a524-e3d1-4b8a-afa8-26ae4e291116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed Location Indexed\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"hackathon policy\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Allowed-Locations-Indexed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Allowed-Locations-Indexed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if antiMalware extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy audits if the anti malware extension .\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/antiMalwareExtensionExists\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"antiMalwareExtensionExists\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Web socket must be disabled on App Services\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures web sockets are disabled on App Services.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/AppServiceWebSockets\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"AppServiceWebSockets\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure Security Center must be enabled\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures Azure Security Center is enabled.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ASCEnabled\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ASCEnabled\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and it's value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and its value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits if a required extension doesn't exist.\",\r\n \"parameters\": {\r\n \"publisher\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The publisher of the extension\",\r\n \"displayName\": \"Extension Publisher\"\r\n }\r\n },\r\n \"type\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The type of the extension\",\r\n \"displayName\": \"Extension Type\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"[parameters('publisher')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"[parameters('type')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/audit-vm-extension\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"audit-vm-extension\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CanCrudPolicyAssignment Policy Definition $[Auto Test]\",\r\n \"policyType\": \"Custom\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"ResourceProviderTestHost/TestResourceType/TestResourceTypeNestedOne/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/azsmnet6487\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"azsmnet6487\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"89322663 audit diag setting\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"description\": \"The list of resources types to audit for missing diagnostic log settings.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"details\": {\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"equals\": \"true\",\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\"\r\n }\r\n ]\r\n },\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\"\r\n },\r\n \"effect\": \"AuditIfNotExists\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b350b9b0-8ba5-4867-bc9c-63b4544671b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b350b9b0-8ba5-4867-bc9c-63b4544671b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"makharchtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"policy\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b36f6195-0fc5-4a41-bbce-875248400f5f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b36f6195-0fc5-4a41-bbce-875248400f5f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash really long string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b9203c56-0565-434a-a315-87f4da9f21b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b9203c56-0565-434a-a315-87f4da9f21b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"NSG Rules exists test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].protocol\",\r\n \"notLike\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/bb6a78ae-8737-41e0-9c41-cc777c8c00a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bb6a78ae-8737-41e0-9c41-cc777c8c00a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"Category\": \"Flintstones\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/BedrockPolicy\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"BedrockPolicy\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c0f586f1-abe5-4801-8588-7332e49e60c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c0f586f1-abe5-4801-8588-7332e49e60c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"234\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logprofiles\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/logprofiles\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Doublecheck the lifecycle tag policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy refers to tags['Lifecycle'], which with the current implementation of the escaped tags syntax will refer to a tag named 'Lifecycle' (quotes and all). This is a customer policy that would be broken when I switch the meaning of tags['Lifecycle'] to refer simply to a tag named Lifecycle (no quotes)\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['Lifecycle']\",\r\n \"notIn\": [\r\n \"dev\",\r\n \"tst\",\r\n \"stg\",\r\n \"prd\",\r\n \"trn\",\r\n \"prf\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c6be98a9-8108-40aa-b726-d2ae8e2891b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c6be98a9-8108-40aa-b726-d2ae8e2891b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe resource group auditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c7b9982d-2f50-4730-935f-5c241982a441\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c7b9982d-2f50-4730-935f-5c241982a441\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed resource types\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": \"The list of allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('allowedTypes')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c872f951-1c5d-4c61-89dd-aee2350a11ba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8b79b49-a579-4045-984e-1b249ab8b474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8cedfaa-4aa0-465a-8b90-49caf8177158\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8cedfaa-4aa0-465a-8b90-49caf8177158\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere css block NSG changes\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/95894791/home\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"nsgName\",\r\n \"description\": \"The name of the NSG.\"\r\n },\r\n \"defaultValue\": \"nsgName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('nsgName')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"fullName\",\r\n \"like\": \"[concat(parameters('nsgName'), '/*')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ca01432d-4278-45a6-8137-69f2155d2248\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ca01432d-4278-45a6-8137-69f2155d2248\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin empty string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure resource names meet the like condition for a pattern.\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"namePattern\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"namePattern\",\r\n \"description\": \"Pattern to use for names. Can include wildcard (*).\"\r\n },\r\n \"allowedValues\": [\r\n \"\",\r\n \"one\",\r\n \"two\"\r\n ],\r\n \"defaultValue\": \"\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('namePattern')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"camarvin-test-empty-assign\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere append 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.test\",\r\n \"value\": \"1\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny on 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.test\",\r\n \"equals\": \"1\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Resource name contains resource group name\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Require resources to contain the resource group's name\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"notContains\": \"[resourceGroup().name]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/contain-resource-group-name\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"contain-resource-group-name\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v3\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"third attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5002\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-deployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5632\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5632\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce KeyVault diagnostic log storage (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"elperetest\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('elpere', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d0d9349d-843c-443a-9f27-5ce84f08c37e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d0d9349d-843c-443a-9f27-5ce84f08c37e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere template paramters function tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"testing strange array behavior\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"contains\": \"lmao\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"String\"\r\n },\r\n \"dataDisks\": {\r\n \"type\": \"object\"\r\n },\r\n \"osDisk\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmVar\": \"[parameters('vmName')]\",\r\n \"dataDisksVar\": \"[parameters('dataDisks')]\"\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vmNameOut\": {\r\n \"value\": \"[variables('vmVar')]\",\r\n \"type\": \"String\"\r\n },\r\n \"dataDisksOut\": {\r\n \"value\": \"[concat(array(parameters('osDisk')), if(empty(parameters('dataDisks').rawValue), parameters('dataDisks').emptyArray, array(parameters('dataDisks').rawValue)))]\",\r\n \"type\": \"array\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"dataDisks\": {\r\n \"value\": {\r\n \"rawValue\": \"[field('Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.id')]\",\r\n \"emptyArray\": []\r\n }\r\n },\r\n \"osDisk\": {\r\n \"value\": \"[field('Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.id')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d2532053-bf59-4095-a1ae-2b7e4744f119\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d2532053-bf59-4095-a1ae-2b7e4744f119\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Access KV as part of remidiation deployment test (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"hello\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"outputs\": {\r\n \"testSecretOutput\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('testSecret')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"reference\": {\r\n \"keyVault\": {\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/elpere/providers/Microsoft.KeyVault/vaults/elpereKv\"\r\n },\r\n \"secretName\": \"test\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d35ce9be-f51b-4d3e-bc7f-dde2936381b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d35ce9be-f51b-4d3e-bc7f-dde2936381b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - inv\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"inv \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"functionId\": \"subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourcegroups/AKif2WebApp/providers/Microsoft.Logic/workflows/deneme\",\r\n \"payload\": {\r\n \"locations\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d54722e7-4665-47ce-9a82-2f96cebfe238\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d54722e7-4665-47ce-9a82-2f96cebfe238\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - incident - gardner\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"name\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"text\": {\r\n \"type\": \"string\",\r\n \"value\": \"Policy executed for resource [parameters('name')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"name\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d54722e7-4665-47ce-9a82-2f96cebfe353\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d54722e7-4665-47ce-9a82-2f96cebfe353\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs (NSG level)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Overwrites security rules with IP restrictions at the NSG level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges may overlap.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"getNsgDeploymentName\": \"[concat('getNSGContent-', parameters('nsgName'))]\",\r\n \"collectorDeploymentName\": \"[concat('collectRules-', parameters('nsgName'))]\",\r\n \"overwriteNsgDeploymentName\": \"[concat('overwriteNsg-', parameters('nsgName'))]\",\r\n \"nsgResourceId\": \"[resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"nsgProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('nsgResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectorDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_collectRules_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"nsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"portRangesToRestrict\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_overwriteNSG_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"originalNsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"updatedSecurityRules\": {\r\n \"value\": \"[reference(variables('collectorDeploymentName')).outputs.updatedSecurityRules.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d7b13c30-e6aa-47e1-b50a-8e33f152d086\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7126\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e712b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7130\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7135\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e713a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Audited skus\",\r\n \"description\": \"The list of skus.\",\r\n \"strongType\": \"storageSkus\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e90ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e90ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List Of Allowed SKUs\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"vmSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e9170\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e9170\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[elpere] deployIfNotExists Runners test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"deployIfNotExistsTestsRule\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/deployIfNotExistsTestsRule')]\",\r\n \"properties\": {\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbfa9fc0-5202-4001-8759-1aa2387f825b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"allowedOS\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"test_sandipsh\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedWindows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Windows VMs\",\r\n \"description\": \"The list of allowed VMs for Windows.\"\r\n }\r\n },\r\n \"listOfAllowedUbuntus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Ubuntu VMs\",\r\n \"description\": \"The list of allowed VMs for Ubuntu.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/disks\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"Canonical\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"UbuntuServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedUbuntus')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedWindows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services backup policies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"policies\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policies\",\r\n \"description\": \"The list of allowed Recovery Services backup policies.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n },\r\n \"policy\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policy\",\r\n \"description\": \"Allowed Recovery Services backup policy.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('policies')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('policy')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e3f9a624-b17d-4dc8-9649-65814d3241bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3f9a624-b17d-4dc8-9649-65814d3241bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"authSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their logs config\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"logs\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny changing sites authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"defaultValue: all parameters\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"defaultValue\"\r\n },\r\n \"parameters\": {\r\n \"locations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array)\",\r\n \"description\": \"The list of locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": [\r\n \"eastus\",\r\n \"westus\"\r\n ]\r\n },\r\n \"location\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string)\",\r\n \"description\": \"The location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"resourceGroups\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array)\",\r\n \"description\": \"The list of resource groups.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": [\r\n \"camarvin\"\r\n ]\r\n },\r\n \"resourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string)\",\r\n \"description\": \"The resource group.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": \"camarvin\"\r\n },\r\n \"tags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array)\",\r\n \"description\": \"The list of tags.\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"tag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string)\",\r\n \"description\": \"The tag.\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array, av)\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": [\r\n \"eastus\"\r\n ]\r\n },\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string, av)\",\r\n \"description\": \"The allowed location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"allowedStorageSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array, av)\",\r\n \"description\": \"The list of allowed storage SKUs for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ]\r\n },\r\n \"allowedStorageSKU\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string, av)\",\r\n \"description\": \"The allowed storage SKU for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": \"Standard_LRS\"\r\n },\r\n \"allowedTags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array, av)\",\r\n \"description\": \"The list of allowed tags.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ]\r\n },\r\n \"allowedTag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string, av)\",\r\n \"description\": \"The allowed tag.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": \"FirstName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('locations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('resourceGroups')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('resourceGroup')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('tags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('tag')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedStorageSkus')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"Equals\": \"[parameters('allowedStorageSku')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedTags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"NotEquals\": \"[parameters('allowedTag')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ea1688b3-022e-4add-af39-2fe60689a3b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny \\\"Allow All\\\" NSG rules\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies the creation of sourceAddressPrefix=\\\"*\\\", destinationPortRange=\\\"*\\\" NSG security rules\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"PortLockdown_AllowAll\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"notEquals\": \"4000\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github264\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/siteAuthSettings.enabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ef00ee9d-fe45-4d14-8bee-789eea392116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef00ee9d-fe45-4d14-8bee-789eea392116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhTestTagWithHyphen5\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"GokmenhTestTagWithHyphen5\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"value\": \"[resourceGroup().tags['Hyphen-test']]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/f2320be5-23be-4b58-8d8e-08c3044dd60f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f2320be5-23be-4b58-8d8e-08c3044dd60f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy enables you to audit your location.\",\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/LocationAuditDefinition\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"LocationAuditDefinition\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"northeurope\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/policy2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"policy2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps6386\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps6386\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9652\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9652\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9867\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9867\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test policy\",\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testSandipsh.draft\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testSandipsh.draft\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testtest\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"testtest\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testtest\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testtest\"\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { @@ -220,16 +220,16 @@ "Accept-Encoding" ], "x-ms-ratelimit-remaining-subscription-reads": [ - "11990" + "11997" ], "x-ms-request-id": [ - "westus2:70dff061-b2a2-4fc6-89df-6b9bfd95c5da" + "westus2:c8776f51-7f94-4ea2-8bd9-c9fc962a3439" ], "x-ms-correlation-request-id": [ - "e1312cd4-d28d-495d-9cf2-13259705da48" + "54653e90-3078-4752-b21c-c5947714b941" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T214119Z:e1312cd4-d28d-495d-9cf2-13259705da48" + "WESTUS2:20190116T193717Z:54653e90-3078-4752-b21c-c5947714b941" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -238,10 +238,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:41:19 GMT" + "Wed, 16 Jan 2019 19:37:17 GMT" ], "Content-Length": [ - "439489" + "487308" ], "Content-Type": [ "application/json; charset=utf-8" @@ -253,7 +253,7 @@ "0" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage_httpsTrafficOnly\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"023217dd-81bb-461f-93ea-8799caac50c7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"This shouldn't work\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This customer's policy is attempting to append multiple tags at once. I expect it will just append one tag with a really long name\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"value\": [\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04183864-11ae-4e7a-aadb-c600e40ed1b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04183864-11ae-4e7a-aadb-c600e40ed1b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Inherit named tag from resource group\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Applies the tag value from the resource group if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[resourcegroup().tags[parameters('tagName')]]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04904947-4d10-4454-9a50-f423d590e11b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04904947-4d10-4454-9a50-f423d590e11b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robga-nsgtemplate-test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddfee46-9b63-4313-a529-cfbf968d8118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddfee46-9b63-4313-a529-cfbf968d8118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akif incident - 85944710\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 85944710\\nhttps://icm.ad.msft.net/imp/v3/incidents/details/85944710/home\\n\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af12870bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af12870bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"second attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af1287abe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af1287abe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/123c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"123c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim nsg repro\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"fix\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/14ac45e9-df97-455d-b6ee-dd216f15f694\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"14ac45e9-df97-455d-b6ee-dd216f15f694\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim-incident-86226837-fix\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"1 - reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"15358dd8-671e-4c96-be33-2b668791418f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Attempt service bus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logProfiles\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/serviceBusRuleId\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/163c640e-681c-445f-92ba-cd434bd8c11c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"163c640e-681c-445f-92ba-cd434bd8c11c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.zyx\",\r\n \"exists\": \"false\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/17d43473-870f-4bc8-93c6-3961fa1d91cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17d43473-870f-4bc8-93c6-3961fa1d91cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit all tags\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"tags\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags\",\r\n \"value\": \"[resourceGroup().tags]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1e3c9312-c011-40a3-ac40-3bf3ddc24120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e3c9312-c011-40a3-ac40-3bf3ddc24120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource group locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Allowed resource group locations\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f20036f-28c3-48f3-9266-05d50fe391f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f20036f-28c3-48f3-9266-05d50fe391f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"docdb_aliases_test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f5360b7-fe59-43f7-8af5-825df420d09c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f5360b7-fe59-43f7-8af5-825df420d09c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ovewrites security rules with IP restrictions at the securityRule level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Limit to one protocol. The most inclusive should come last. I.e. 22;22-22;22-23\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"priority\": {\r\n \"type\": \"int\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[parameters('fullRuleName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-02-01\",\r\n \"properties\": {\r\n \"protocol\": \"*\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[last(parameters('destinationPortRanges'))]\",\r\n \"access\": \"Allow\",\r\n \"direction\": \"Inbound\",\r\n \"priority\": \"[parameters('priority')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[field('Microsoft.Network/networksecurityGroups/securityRules/priority')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"20c4afd0-8a77-4433-b8b0-4ad06e4c7111\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy NSGs on Subnets\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforce that all subnets have a Network Security Group. If a subnet does not have one an NSG with the default Internet Exposed Endpoint restrictions will be created and associated with it.\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string to apply to all automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges must not overlap.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"notEquals\": \"null\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgPrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"nsgName\": \"[concat(parameters('nsgPrefix'), '-', parameters('location'))]\",\r\n \"vnetName\": \"[split(parameters('fullResourceName'), '/')[0]]\",\r\n \"vnetResourceId\": \"[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]\",\r\n \"getVnetDeploymentName\": \"[concat('getVnet-', variables('vnetName'))]\",\r\n \"collectSubnetsDeploymentName\": \"[concat('collectSubnets-', variables('vnetName'))]\",\r\n \"overwriteVnetDeploymentName\": \"[concat('overwriteVnet-', variables('vnetName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vnetProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('vnetResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[variables('nsgName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"securityRules\": [\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Restrict\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from specific IP ranges (either corpnet or SAW)\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3997,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_AllowVnet\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from within the VNET\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"VirtualNetwork\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3998,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Deny\",\r\n \"properties\": {\r\n \"description\": \"Deny any controlled port connections that aren't explicitly allowed in higher priority rules\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 3999,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_AllowAll\",\r\n \"properties\": {\r\n \"description\": \"Allow all inbound traffic that isn't explicitly blocked by Port Lockdown restrictions\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 4000,\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectSubnetsDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_collectSubnets_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"nsgResourceId\": {\r\n \"value\": \"[resourceid('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"dependsOn\": [\r\n \"[variables('nsgName')]\"\r\n ],\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_overwriteVnet_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"updatedSubnets\": {\r\n \"value\": \"[reference(variables('collectSubnetsDeploymentName')).outputs.updatedSubnets.value]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"nsgPrefix\": {\r\n \"value\": \"[parameters('nsgPrefix')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"210ed8bd-6b07-4d5e-a62c-c34f07293288\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit all Microsoft.Web/sites/config/authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/211a466d-b2be-46e8-b029-8c28f566f118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"211a466d-b2be-46e8-b029-8c28f566f118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of a tag2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits that a required tag is present on resources\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"notcontainsKey\": \"[parameters('tagName')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24813039-7534-408a-9842-eb99f45721b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append single location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.locationTest\",\r\n \"value\": \"[parameters('allowedLocation')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin oms vm linux parameterized effect\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"263f13f4-6b88-4788-bead-34beedde70ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test guest assignment\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/28e54a72-2fd7-40d3-afe2-b05423e0147a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"28e54a72-2fd7-40d3-afe2-b05423e0147a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"2nd attempt on this policy. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"notIn\": \"[parameters('allowedLocations')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd60841400\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd60841400\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-combined\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"the combined policy attempt for both cosmos db cases. \",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"locationNames\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd6084180f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd6084180f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage ip rules append 2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.ipRules\",\r\n \"value\": [\r\n {\r\n \"value\": \"8.8.8.8\",\r\n \"action\": \"Allow\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/2b2317a7-ab02-47b5-8159-eb7e6227709f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2b2317a7-ab02-47b5-8159-eb7e6227709f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[demo] Enforce KeyVault diagnostic log storage\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"[tolower(concat('cheggkv', parameters('location')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('cheggremdemo', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/332ce4ac-9200-4573-8c66-92b85fc82c8d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"332ce4ac-9200-4573-8c66-92b85fc82c8d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_enableAutomaticFailover\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/enableAutomaticFailover\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_defaultConsistencyLevel\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/consistencyPolicy.defaultConsistencyLevel\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0b7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_readLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_writeLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_failoverPolicies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd160\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c0df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c0df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL and Managed Instance TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c144\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c144\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services vaults test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"vault\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vault\",\r\n \"description\": \"The Recovery Services Vault.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n },\r\n \"vaults\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vaults\",\r\n \"description\": \"The list of Recovery Services Vaults.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('vault')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('vaults')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b2c1b0f-63c5-4943-8578-6d37fbe411bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b2c1b0f-63c5-4943-8578-6d37fbe411bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b788cf8-ff6f-4075-86a1-ab76270790e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b788cf8-ff6f-4075-86a1-ab76270790e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3cc5820a-cbb8-4977-9c90-d90ced95f12c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3cc5820a-cbb8-4977-9c90-d90ced95f12c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Name should have prefix and suffix\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Name should have prefix and suffix\",\r\n \"parameters\": {\r\n \"prefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The prefix\",\r\n \"description\": \"The name prefix\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"suffix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The suffix\",\r\n \"description\": \"The name suffix.\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('prefix'), '*', parameters('suffix'))]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e275e2e-a157-4ade-8f91-43b3ea370007\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e275e2e-a157-4ade-8f91-43b3ea370007\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Restrict VM skus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Restricts allowed VM skus to a predefined regex\",\r\n \"parameters\": {\r\n \"allowedSkuTemplate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed VM sku template\",\r\n \"description\": \"The VM sku template. Supports wildcards via '*'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"like\": \"[parameters('allowedSkuTemplate')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e34c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e34c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKU\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits the use of storage account SKUs that don't meet organizational cost policy.\",\r\n \"parameters\": {\r\n \"listOfAllowedSkus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of allowed SKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSkus')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e3682\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e3682\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaDataFactoryTest1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"RobgaDataFactoryTest\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataFactory/factories\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/robgatestworkspace/providers/Microsoft.OperationalInsights/workspaces/robgatestworkspace\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce autoUpgrade on VM/VMSS extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies any VM or VMSS extensions that do not have autoUpgradeMinorVersion set to true.\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f772\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f772\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically enabled autoUpgradeMinorVersion on VM extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f783\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f783\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM scale set extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically appends autoUpgradeMinorVersion=true to VMSS extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f7a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f7a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService must use serverFarm\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService serverFarm must have capacity > 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/serverFarms\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/serverFarms/sku.capacity\",\r\n \"in\": [\r\n \"0\",\r\n \"1\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc23\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc23\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Definition to be deleted.\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy will deploy a key vault named KV_B if a key vault named KV_A does not exist.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"KV_B\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-10-01\",\r\n \"name\": \"KV_A\",\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"location\": \"eastus2\",\r\n \"properties\": {\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"sku\": {\r\n \"family\": \"A\",\r\n \"name\": \"standard\"\r\n },\r\n \"accessPolicies\": []\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/48ba81c1-0012-4796-8166-c2efb4304190\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48ba81c1-0012-4796-8166-c2efb4304190\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Do_Not_Delete\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy is used for unit tests. Please do not delete it.\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4a0425e4-97bf-4ad0-ab36-145b94083c60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny MySQL firewallRules starting with 0\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4b94c320-ce63-4fb6-ba9d-7dbe648b90de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4b94c320-ce63-4fb6-ba9d-7dbe648b90de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83686598\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"deny the creation of storage if supportsHttpsTrafficOnly is false\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"detect 'allow All' NSG rule\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c915617-16f0-4c62-b021-e66d5409d11d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c915617-16f0-4c62-b021-e66d5409d11d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332195\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332199\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332199\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny storage container creation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts/blobServices/containers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4d2f8837-7acb-4488-b580-95960ee3f116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d2f8837-7acb-4488-b580-95960ee3f116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure auto-created NSG rules exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ensures that security rules created in auto-created PortLockdown NSGs are not tampered with\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string applied to automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to in the expected security rule. I.e. 192.4.0.0/8;192.5.0.0/8 or *\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions in the expected security rule\"\r\n }\r\n },\r\n \"priority\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected priority\",\r\n \"description\": \"The priority of the expected security rule.\"\r\n }\r\n },\r\n \"access\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected access\",\r\n \"description\": \"The access (allow/deny) of the expected security rule.\"\r\n },\r\n \"allowedValues\": [\r\n \"Allow\",\r\n \"Deny\"\r\n ]\r\n },\r\n \"name\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected name\",\r\n \"description\": \"The name of the expected security rule.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('nsgPrefix'), '-', field('location'))]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"equals\": \"[parameters('priority')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"[parameters('access')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"name\": {\r\n \"type\": \"string\"\r\n },\r\n \"priority\": {\r\n \"type\": \"string\"\r\n },\r\n \"access\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"isSinglePrefix\": \"[equals(count(parameters('sourceAddressPrefixes')), 1)]\",\r\n \"isSinglePortRange\": \"[equals(count(parameters('destinationPortRanges')), 1)]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('nsgName'), '/', parameters('name'))]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"properties\": {\r\n \"description\": \"Rule auto-created by Internet Exposed Endpoints protection\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[if(variables('isSinglePortRange'), first(parameters('destinationPortRanges')), '')]\",\r\n \"destinationPortRanges\": \"[if(not(variables('isSinglePortRange')), parameters('destinationPortRanges'), json('[]'))]\",\r\n \"sourceAddressPrefix\": \"[if(variables('isSinglePrefix'), first(parameters('sourceAddressPrefixes')), '')]\",\r\n \"sourceAddressPrefixes\": \"[if(not(variables('isSinglePrefix')), parameters('sourceAddressPrefixes'), json('[]'))]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"[parameters('access')]\",\r\n \"priority\": \"[int(parameters('priority'))]\",\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"name\": {\r\n \"value\": \"[parameters('name')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[parameters('priority')]\"\r\n },\r\n \"access\": {\r\n \"value\": \"[parameters('access')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f283ec4-25a9-46df-bbf2-806ed5a3e115\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rs defaultvalue backslash\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Extensions to Exclude\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \".FWD;.GSC;.GSE;.MYD;.MYI;.SMD;.VAC;.BAK;.CHK;.FRM;.LDF;.LOG;.MBX;.MDF;.NDF;.TRN;.UND;.UNF;.UNH;.UNI;.UNQ;.UNS;.VHD;.VMDX;.WCI;.EDB;.SDS\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Paths to Exclude\",\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Sysvol;C:\\\\ProgramData\\\\Microsoft\\\\SharePoint;C:\\\\Program Files\\\\Common Files\\\\Microsoft Shared\\\\Web Server Extensions;C:\\\\Program Files\\\\Operations Manager;C:\\\\Program Files\\\\Microsoft Monitoring Agent;C:\\\\Program Files\\\\Microsoft Office Servers;C:\\\\Program Files\\\\Microsoft System Center 2012 R2\\\\Server;C:\\\\Program Files\\\\System Center Operations Manager;C:\\\\Program Files\\\\System Center Operations Manager 2007;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\NTDS;C:\\\\Windows\\\\System32\\\\LogFiles;C:\\\\Windows\\\\Sysvol;C:\\\\Program Files\\\\Double-Take Software;C:\\\\Program Files\\\\DoubleTake;C:\\\\Program Files\\\\Exchsrvr;C:\\\\Program Files\\\\Ipswitch;C:\\\\Program Files\\\\LogMeIn;C:\\\\Windows\\\\SoftwareDistribution\\\\Datastore;C:\\\\Windows\\\\Temp\\\\Gthrsvc\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Processes to Exclude\",\r\n \"description\": \"Semicolon delimited list of processes to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"HealthService.exe;ManagementService.exe;Microsoft.Mom.Sdk.Service.exe;Microsoft.Mom.ConfigServiceHost.exe;MonitoringHost.exe;pagefile.sys\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable real time protection\",\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Scheduled scans\",\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n },\r\n \"defaultValue\": \"false\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Scheduled Scan Type\",\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n },\r\n \"defaultValue\": \"Quick\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Day of Scheduled Scan\",\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n },\r\n \"defaultValue\": \"7\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Time of Scheduled Scan\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"120\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"value\": \"[parameters('ExclusionsExtensions')]\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"value\": \"[parameters('ExclusionsPaths')]\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"value\": \"[parameters('ExclusionsProcesses')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"[parameters('RealtimeProtectionEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsIsEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsDay')]\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsTime')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50877efd-8dd9-43d5-b4e6-3b70e64311b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50877efd-8dd9-43d5-b4e6-3b70e64311b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy key vault KV_B if key vault KV_A does not exist.\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy will deploy a key vault named KV_B if a key vault named KV_A does not exist.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"KV_B\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-10-01\",\r\n \"name\": \"KV_A\",\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"location\": \"eastus2\",\r\n \"properties\": {\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"sku\": {\r\n \"family\": \"A\",\r\n \"name\": \"standard\"\r\n },\r\n \"accessPolicies\": []\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50e2972e-143c-4edf-9ef6-bee0f84212d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaTestRbac\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Authorization/roleAssignments/principalId\",\r\n \"equals\": \"Admin\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/560482cd-dac5-41e6-9cef-b0aecd6020de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"560482cd-dac5-41e6-9cef-b0aecd6020de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhAuditLocation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit if not west us\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5948d091-78b7-4d3b-a404-cc6a0329b0c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5948d091-78b7-4d3b-a404-cc6a0329b0c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"deployifnotexist template alias tests - redis\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/Redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/sku.family\",\r\n \"equals\": \"C\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"Whatever*\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"type\": \"string\"\r\n },\r\n \"nameField\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuFamilyOut\": {\r\n \"value\": \"[parameters('skuFamily')]\",\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPortOut\": {\r\n \"value\": \"[parameters('enableNonSslPort')]\",\r\n \"type\": \"string\"\r\n },\r\n \"nameFieldOut\": {\r\n \"value\": \"[parameters('nameField')]\",\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/sku.family')]\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/enableNonSslPort')]\"\r\n },\r\n \"nameField\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"exists\": \" false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca376\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca376\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86318519\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86318519\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallrules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"AllowAllWindowsAzureIps\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca600\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca600\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"exists\": \"true\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"notIn\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca8d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca8d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Test storage alias\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Test storage alias\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"type\": \"string\"\r\n },\r\n \"encrypt\": {\r\n \"type\": \"string\"\r\n },\r\n \"accessTier\": {\r\n \"type\": \"string\"\r\n },\r\n \"skuName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuNameOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('skuName')]\"\r\n },\r\n \"accessTierOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('accessTier')]\"\r\n },\r\n \"httpsOnlyOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('httpsOnly')]\"\r\n },\r\n \"encryptOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('encrypt')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly')]\"\r\n },\r\n \"encrypt\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/enableBlobEncryption')]\"\r\n },\r\n \"accessTier\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/accessTier')]\"\r\n },\r\n \"skuName\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/sku.name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5fa69139-9a49-464e-90b5-0d243a469138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5fa69139-9a49-464e-90b5-0d243a469138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit costcenter tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"value\": \"[resourceGroup().tags.CostCenter]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6ced0d17-98f3-41e2-8038-08c8f4fb90e3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6ced0d17-98f3-41e2-8038-08c8f4fb90e3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim Apply allowed tag and its default value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"3\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n },\r\n \"allowedValues\": [\r\n \"TagA\",\r\n \"TagB\"\r\n ]\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6d1735de-f3e3-4c40-a8b2-7b3a1042a895\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6d1735de-f3e3-4c40-a8b2-7b3a1042a895\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": null\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"3\"\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"Metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The metric operator.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"The timeAggregation.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"The window size.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"The evaluation frequency.\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The action group id.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('alertNamePrefix'), '*')]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(toLower(parameters('alertNamePrefix')), uniqueString(resourceGroup().id))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6f2c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6f2c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testImageId\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"css\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"contains\": \"resourceGroups/testSandipsh\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/70dc1e8d-61c9-4089-8bf5-895b227c1298\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"70dc1e8d-61c9-4089-8bf5-895b227c1298\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"policyTrackedResources-sdk-tests\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"notIn\": [\r\n \"policyTrackedResources-sdk-tests-rule1\",\r\n \"policyTrackedResources-sdk-tests-rule2\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule1')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule2')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2001,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny if blob is not encrypted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/74d5cf40-7293-46a4-a285-7ea971e3719a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"74d5cf40-7293-46a4-a285-7ea971e3719a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Location restriction\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Policy to force allocations to a set of given locations\",\r\n \"metadata\": {\r\n \"category\": \"cstack\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/763dcd1d-a4a9-46a8-8bd3-357c4533a335\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"763dcd1d-a4a9-46a8-8bd3-357c4533a335\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"chegg deploy VMSS extension\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"GenevaMonitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Geneva\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-01\",\r\n \"name\": \"[concat(parameters('vmssName'), '/', 'genevaExtension2')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Geneva\",\r\n \"type\": \"GenevaMonitoring\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {}\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/767d74dd-8fe3-4ef2-a38a-52164f9230da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"767d74dd-8fe3-4ef2-a38a-52164f9230da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83577342 deny proxy resource location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/83577342/home\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"eastus\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingjobs/transformations\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/77429b44-aac1-4417-a53e-6900c07e11ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"77429b44-aac1-4417-a53e-6900c07e11ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Block TLS < 1.2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/slots/config\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\r\n \"notEquals\": \"1.2\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/78c5df31-2f05-4f4d-acfe-3e536d88c1bc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"78c5df31-2f05-4f4d-acfe-3e536d88c1bc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny ActiveDirectory administrators\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/administrators/administratorType\",\r\n \"equals\": \"ActiveDirectory\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash weird chars\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR!@#$%^&*()_+=-{}[];:',.<>?~`/;C:\\\\hello\\\\there\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7f4d769f-78db-46eb-ac3c-0b8214f8c245\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f4d769f-78db-46eb-ac3c-0b8214f8c245\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock v2\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/83daa8ee-7c9a-470c-81a8-5a99ac09d134\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83daa8ee-7c9a-470c-81a8-5a99ac09d134\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"northwell.io\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/86cd412c-c557-473b-984c-a5f15cdcb116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86cd412c-c557-473b-984c-a5f15cdcb116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Parameterized effect (if location != eastus)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The policy effect.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"eastus\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"885f1dcb-a9c5-4c8c-8996-2702db44a2d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.xyz\",\r\n \"exists\": false\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8959fd87-c1dd-4831-9034-a4f876bee1cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8959fd87-c1dd-4831-9034-a4f876bee1cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Kubernetes ingress policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Only specified ingress is allowed based on names\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere applicability test 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/whatever\"\r\n },\r\n {\r\n \"field\": \"tags.applicability\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8e6b598c-1a45-404b-97dd-983e37c040da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8e6b598c-1a45-404b-97dd-983e37c040da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_ipRangeFilter\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9012b1cd-b045-46c6-a510-6137e06a009c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash (array)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": [\r\n \"C:\\\\rs-pkgs\",\r\n \"C:\\\\System Volume Information\\\\DFSR\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/985adbc0-6d2e-448a-ac26-89d3688191d5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"985adbc0-6d2e-448a-ac26-89d3688191d5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github209\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/virtualNetworkRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9a060c03-fda7-4b0a-b4da-15e2b7e4d117\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9a060c03-fda7-4b0a-b4da-15e2b7e4d117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - Subscription Lvl test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Subscriptionlevel auditIfNotExist policy\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a1b067c8-2970-4c0b-b0da-31ae7f33d1de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1b067c8-2970-4c0b-b0da-31ae7f33d1de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Noop\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Don't do anything\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a309ad64-0bae-48d9-a6b1-d99c0b4218b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a309ad64-0bae-48d9-a6b1-d99c0b4218b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyof\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a337c781-c7d8-4e12-ae69-1951c7e74378\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a337c781-c7d8-4e12-ae69-1951c7e74378\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127 - better\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\",\r\n \"Deny\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"81196380\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure https traffic only for storage account\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure https traffic only for storage account\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscription name tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"add subscription name tag\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionname\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionname\",\r\n \"value\": \"[subscription().displayName]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d82a2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d82a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Add subscription \\\"id\\\" tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.id\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.id\",\r\n \"value\": \"[subscription().id]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8339\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8339\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscriptionId tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionId\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionId\",\r\n \"value\": \"[subscription().subscriptionId]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8635\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8635\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaNSGtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/aeb6a524-e3d1-4b8a-afa8-26ae4e291116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aeb6a524-e3d1-4b8a-afa8-26ae4e291116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed Location Indexed\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"hackathon policy\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Allowed-Locations-Indexed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Allowed-Locations-Indexed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if antiMalware extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy audits if the anti malware extension .\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/antiMalwareExtensionExists\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"antiMalwareExtensionExists\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Web socket must be disabled on App Services\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures web sockets are disabled on App Services.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/AppServiceWebSockets\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"AppServiceWebSockets\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure Security Center must be enabled\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures Azure Security Center is enabled.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ASCEnabled\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ASCEnabled\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and it's value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and its value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits if a required extension doesn't exist.\",\r\n \"parameters\": {\r\n \"publisher\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The publisher of the extension\",\r\n \"displayName\": \"Extension Publisher\"\r\n }\r\n },\r\n \"type\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The type of the extension\",\r\n \"displayName\": \"Extension Type\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"[parameters('publisher')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"[parameters('type')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/audit-vm-extension\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"audit-vm-extension\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CanCrudPolicyAssignment Policy Definition $[Auto Test]\",\r\n \"policyType\": \"Custom\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"ResourceProviderTestHost/TestResourceType/TestResourceTypeNestedOne/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/azsmnet6487\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"azsmnet6487\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"89322663 audit diag setting\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"description\": \"The list of resources types to audit for missing diagnostic log settings.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"details\": {\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"equals\": \"true\",\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\"\r\n }\r\n ]\r\n },\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\"\r\n },\r\n \"effect\": \"AuditIfNotExists\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b350b9b0-8ba5-4867-bc9c-63b4544671b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b350b9b0-8ba5-4867-bc9c-63b4544671b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"makharchtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"policy\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b36f6195-0fc5-4a41-bbce-875248400f5f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b36f6195-0fc5-4a41-bbce-875248400f5f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash really long string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b9203c56-0565-434a-a315-87f4da9f21b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b9203c56-0565-434a-a315-87f4da9f21b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"NSG Rules exists test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].protocol\",\r\n \"notLike\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/bb6a78ae-8737-41e0-9c41-cc777c8c00a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bb6a78ae-8737-41e0-9c41-cc777c8c00a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c0f586f1-abe5-4801-8588-7332e49e60c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c0f586f1-abe5-4801-8588-7332e49e60c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"234\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logprofiles\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/logprofiles\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Doublecheck the lifecycle tag policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy refers to tags['Lifecycle'], which with the current implementation of the escaped tags syntax will refer to a tag named 'Lifecycle' (quotes and all). This is a customer policy that would be broken when I switch the meaning of tags['Lifecycle'] to refer simply to a tag named Lifecycle (no quotes)\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['Lifecycle']\",\r\n \"notIn\": [\r\n \"dev\",\r\n \"tst\",\r\n \"stg\",\r\n \"prd\",\r\n \"trn\",\r\n \"prf\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c6be98a9-8108-40aa-b726-d2ae8e2891b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c6be98a9-8108-40aa-b726-d2ae8e2891b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe resource group auditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c7b9982d-2f50-4730-935f-5c241982a441\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c7b9982d-2f50-4730-935f-5c241982a441\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed resource types\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": \"The list of allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('allowedTypes')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c872f951-1c5d-4c61-89dd-aee2350a11ba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8b79b49-a579-4045-984e-1b249ab8b474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8cedfaa-4aa0-465a-8b90-49caf8177158\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8cedfaa-4aa0-465a-8b90-49caf8177158\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere css block NSG changes\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/95894791/home\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"nsgName\",\r\n \"description\": \"The name of the NSG.\"\r\n },\r\n \"defaultValue\": \"nsgName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('nsgName')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"fullName\",\r\n \"like\": \"[concat(parameters('nsgName'), '/*')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ca01432d-4278-45a6-8137-69f2155d2248\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ca01432d-4278-45a6-8137-69f2155d2248\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin empty string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure resource names meet the like condition for a pattern.\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"namePattern\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"namePattern\",\r\n \"description\": \"Pattern to use for names. Can include wildcard (*).\"\r\n },\r\n \"allowedValues\": [\r\n \"\",\r\n \"one\",\r\n \"two\"\r\n ],\r\n \"defaultValue\": \"\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('namePattern')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"camarvin-test-empty-assign\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere append 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.test\",\r\n \"value\": \"1\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny on 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.test\",\r\n \"equals\": \"1\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Resource name contains resource group name\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Require resources to contain the resource group's name\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"notContains\": \"[resourceGroup().name]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/contain-resource-group-name\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"contain-resource-group-name\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v3\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"third attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5002\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-deployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5632\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5632\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce KeyVault diagnostic log storage (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"elperetest\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('elpere', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d0d9349d-843c-443a-9f27-5ce84f08c37e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d0d9349d-843c-443a-9f27-5ce84f08c37e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Access KV as part of remidiation deployment test (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"hello\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"outputs\": {\r\n \"testSecretOutput\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('testSecret')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"reference\": {\r\n \"keyVault\": {\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/elpere/providers/Microsoft.KeyVault/vaults/elpereKv\"\r\n },\r\n \"secretName\": \"test\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d35ce9be-f51b-4d3e-bc7f-dde2936381b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d35ce9be-f51b-4d3e-bc7f-dde2936381b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs (NSG level)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Overwrites security rules with IP restrictions at the NSG level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges may overlap.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"getNsgDeploymentName\": \"[concat('getNSGContent-', parameters('nsgName'))]\",\r\n \"collectorDeploymentName\": \"[concat('collectRules-', parameters('nsgName'))]\",\r\n \"overwriteNsgDeploymentName\": \"[concat('overwriteNsg-', parameters('nsgName'))]\",\r\n \"nsgResourceId\": \"[resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"nsgProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('nsgResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectorDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_collectRules_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"nsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"portRangesToRestrict\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_overwriteNSG_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"originalNsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"updatedSecurityRules\": {\r\n \"value\": \"[reference(variables('collectorDeploymentName')).outputs.updatedSecurityRules.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d7b13c30-e6aa-47e1-b50a-8e33f152d086\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Audited skus\",\r\n \"description\": \"The list of skus.\",\r\n \"strongType\": \"storageSkus\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e90ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e90ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List Of Allowed SKUs\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"vmSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e9170\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e9170\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[elpere] deployIfNotExists Runners test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"deployIfNotExistsTestsRule\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/deployIfNotExistsTestsRule')]\",\r\n \"properties\": {\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbfa9fc0-5202-4001-8759-1aa2387f825b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"allowedOS\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"test_sandipsh\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedWindows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Windows VMs\",\r\n \"description\": \"The list of allowed VMs for Windows.\"\r\n }\r\n },\r\n \"listOfAllowedUbuntus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Ubuntu VMs\",\r\n \"description\": \"The list of allowed VMs for Ubuntu.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/disks\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"Canonical\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"UbuntuServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedUbuntus')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedWindows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services backup policies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"policies\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policies\",\r\n \"description\": \"The list of allowed Recovery Services backup policies.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n },\r\n \"policy\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policy\",\r\n \"description\": \"Allowed Recovery Services backup policy.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('policies')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('policy')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e3f9a624-b17d-4dc8-9649-65814d3241bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3f9a624-b17d-4dc8-9649-65814d3241bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"authSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their logs config\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"logs\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny changing sites authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"defaultValue: all parameters\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"defaultValue\"\r\n },\r\n \"parameters\": {\r\n \"locations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array)\",\r\n \"description\": \"The list of locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": [\r\n \"eastus\",\r\n \"westus\"\r\n ]\r\n },\r\n \"location\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string)\",\r\n \"description\": \"The location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"resourceGroups\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array)\",\r\n \"description\": \"The list of resource groups.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": [\r\n \"camarvin\"\r\n ]\r\n },\r\n \"resourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string)\",\r\n \"description\": \"The resource group.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": \"camarvin\"\r\n },\r\n \"tags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array)\",\r\n \"description\": \"The list of tags.\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"tag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string)\",\r\n \"description\": \"The tag.\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array, av)\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": [\r\n \"eastus\"\r\n ]\r\n },\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string, av)\",\r\n \"description\": \"The allowed location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"allowedStorageSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array, av)\",\r\n \"description\": \"The list of allowed storage SKUs for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ]\r\n },\r\n \"allowedStorageSKU\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string, av)\",\r\n \"description\": \"The allowed storage SKU for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": \"Standard_LRS\"\r\n },\r\n \"allowedTags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array, av)\",\r\n \"description\": \"The list of allowed tags.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ]\r\n },\r\n \"allowedTag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string, av)\",\r\n \"description\": \"The allowed tag.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": \"FirstName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('locations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('resourceGroups')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('resourceGroup')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('tags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('tag')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedStorageSkus')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"Equals\": \"[parameters('allowedStorageSku')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedTags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"NotEquals\": \"[parameters('allowedTag')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ea1688b3-022e-4add-af39-2fe60689a3b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny \\\"Allow All\\\" NSG rules\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies the creation of sourceAddressPrefix=\\\"*\\\", destinationPortRange=\\\"*\\\" NSG security rules\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"PortLockdown_AllowAll\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"notEquals\": \"4000\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github264\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/siteAuthSettings.enabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ef00ee9d-fe45-4d14-8bee-789eea392116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef00ee9d-fe45-4d14-8bee-789eea392116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy enables you to audit your location.\",\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/LocationAuditDefinition\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"LocationAuditDefinition\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"northeurope\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/policy2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"policy2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps6386\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps6386\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps8886\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps8886\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9652\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9652\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test policy\",\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testSandipsh.draft\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testSandipsh.draft\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testtest\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"testtest\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testtest\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testtest\"\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in IoT Hubs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Internet of Things\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Devices/IotHubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healty\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cheggert: Append VMSS extension\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/virtualMachineProfile\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*].type\",\r\n \"notEquals\": \"GenevaMonitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*]\",\r\n \"value\": {\r\n \"name\": \"Microsoft.Azure.Geneva.GenevaMonitoring\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Geneva\",\r\n \"type\": \"GenevaMonitoring\",\r\n \"typeHandlerVersion\": \"1.8\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/01b105ed-6ded-4a1d-894c-df85fd9351cb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"01b105ed-6ded-4a1d-894c-df85fd9351cb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage_httpsTrafficOnly\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"023217dd-81bb-461f-93ea-8799caac50c7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"This shouldn't work\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This customer's policy is attempting to append multiple tags at once. I expect it will just append one tag with a really long name\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"value\": [\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04183864-11ae-4e7a-aadb-c600e40ed1b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04183864-11ae-4e7a-aadb-c600e40ed1b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Inherit named tag from resource group\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Applies the tag value from the resource group if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[resourcegroup().tags[parameters('tagName')]]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04904947-4d10-4454-9a50-f423d590e11b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04904947-4d10-4454-9a50-f423d590e11b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : AuditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddd96d8-fccd-40cb-81d2-5072a4ed061c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddd96d8-fccd-40cb-81d2-5072a4ed061c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robga-nsgtemplate-test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddfee46-9b63-4313-a529-cfbf968d8118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddfee46-9b63-4313-a529-cfbf968d8118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akif incident - 85944710\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 85944710\\nhttps://icm.ad.msft.net/imp/v3/incidents/details/85944710/home\\n\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af12870bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af12870bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"second attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af1287abe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af1287abe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"chegg: Deploy azsecpack autoupgrade (VMSS)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*].name\",\r\n \"notEquals\": \"Microsoft.Azure.Geneva.GenevaMonitoring\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"Microsoft.Azure.Geneva.GenevaMonitoring\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"GenevaMonitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Geneva\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/enableAutomaticUpgrade\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-10-01\",\r\n \"name\": \"[concat(parameters('vmssName'), '/Microsoft.Azure.Geneva.GenevaMonitoring')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"enableAutomaticUpgrade\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ec05dac-e529-48ef-8c20-f7e6af99a12b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ec05dac-e529-48ef-8c20-f7e6af99a12b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/123c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"123c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim nsg repro\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"fix\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/14ac45e9-df97-455d-b6ee-dd216f15f694\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"14ac45e9-df97-455d-b6ee-dd216f15f694\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim-incident-86226837-fix\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"1 - reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"15358dd8-671e-4c96-be33-2b668791418f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Attempt service bus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logProfiles\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/serviceBusRuleId\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/163c640e-681c-445f-92ba-cd434bd8c11c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"163c640e-681c-445f-92ba-cd434bd8c11c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.zyx\",\r\n \"exists\": \"false\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/17d43473-870f-4bc8-93c6-3961fa1d91cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17d43473-870f-4bc8-93c6-3961fa1d91cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"peterhaugeaudit\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Testing resource group in IfNotExists (not the intent of the original policy, but looks like there's some weirdness here)\\n\\nChanged: Microsoft.Resources/subscriptions/resourceGroups to Microsoft.Resources/resourceGroups\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"name\": \"EnforceServicePrincipalAccessToDevTestLabsResourceGroups\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/19153189-4506-4910-b7bc-756e0188a6f2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"19153189-4506-4910-b7bc-756e0188a6f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit all tags\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"tags\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags\",\r\n \"value\": \"[resourceGroup().tags]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1e3c9312-c011-40a3-ac40-3bf3ddc24120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e3c9312-c011-40a3-ac40-3bf3ddc24120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource group locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Allowed resource group locations\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f20036f-28c3-48f3-9266-05d50fe391f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f20036f-28c3-48f3-9266-05d50fe391f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"docdb_aliases_test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f5360b7-fe59-43f7-8af5-825df420d09c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f5360b7-fe59-43f7-8af5-825df420d09c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ovewrites security rules with IP restrictions at the securityRule level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Limit to one protocol. The most inclusive should come last. I.e. 22;22-22;22-23\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"priority\": {\r\n \"type\": \"int\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[parameters('fullRuleName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-02-01\",\r\n \"properties\": {\r\n \"protocol\": \"*\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[last(parameters('destinationPortRanges'))]\",\r\n \"access\": \"Allow\",\r\n \"direction\": \"Inbound\",\r\n \"priority\": \"[parameters('priority')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[field('Microsoft.Network/networksecurityGroups/securityRules/priority')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"20c4afd0-8a77-4433-b8b0-4ad06e4c7111\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy NSGs on Subnets\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforce that all subnets have a Network Security Group. If a subnet does not have one an NSG with the default Internet Exposed Endpoint restrictions will be created and associated with it.\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string to apply to all automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges must not overlap.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"notEquals\": \"null\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgPrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"nsgName\": \"[concat(parameters('nsgPrefix'), '-', parameters('location'))]\",\r\n \"vnetName\": \"[split(parameters('fullResourceName'), '/')[0]]\",\r\n \"vnetResourceId\": \"[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]\",\r\n \"getVnetDeploymentName\": \"[concat('getVnet-', variables('vnetName'))]\",\r\n \"collectSubnetsDeploymentName\": \"[concat('collectSubnets-', variables('vnetName'))]\",\r\n \"overwriteVnetDeploymentName\": \"[concat('overwriteVnet-', variables('vnetName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vnetProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('vnetResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[variables('nsgName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"securityRules\": [\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Restrict\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from specific IP ranges (either corpnet or SAW)\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3997,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_AllowVnet\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from within the VNET\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"VirtualNetwork\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3998,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Deny\",\r\n \"properties\": {\r\n \"description\": \"Deny any controlled port connections that aren't explicitly allowed in higher priority rules\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 3999,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_AllowAll\",\r\n \"properties\": {\r\n \"description\": \"Allow all inbound traffic that isn't explicitly blocked by Port Lockdown restrictions\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 4000,\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectSubnetsDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_collectSubnets_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"nsgResourceId\": {\r\n \"value\": \"[resourceid('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"dependsOn\": [\r\n \"[variables('nsgName')]\"\r\n ],\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_overwriteVnet_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"updatedSubnets\": {\r\n \"value\": \"[reference(variables('collectSubnetsDeploymentName')).outputs.updatedSubnets.value]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"nsgPrefix\": {\r\n \"value\": \"[parameters('nsgPrefix')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"210ed8bd-6b07-4d5e-a62c-c34f07293288\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit all Microsoft.Web/sites/config/authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/211a466d-b2be-46e8-b029-8c28f566f118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"211a466d-b2be-46e8-b029-8c28f566f118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of a tag2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits that a required tag is present on resources\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"notcontainsKey\": \"[parameters('tagName')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24813039-7534-408a-9842-eb99f45721b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append single location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.locationTest\",\r\n \"value\": \"[parameters('allowedLocation')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin oms vm linux parameterized effect\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"263f13f4-6b88-4788-bead-34beedde70ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere strange alias in field function\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"Tags['asdasd']\",\r\n \"equals\": \"[concat('whatever', 'a')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/26556185-593c-4866-9c0c-114ac0bf6120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26556185-593c-4866-9c0c-114ac0bf6120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test guest assignment\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/28e54a72-2fd7-40d3-afe2-b05423e0147a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"28e54a72-2fd7-40d3-afe2-b05423e0147a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"2nd attempt on this policy. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"notIn\": \"[parameters('allowedLocations')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd60841400\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd60841400\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-combined\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"the combined policy attempt for both cosmos db cases. \",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"locationNames\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd6084180f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd6084180f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage ip rules append 2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.ipRules\",\r\n \"value\": [\r\n {\r\n \"value\": \"8.8.8.8\",\r\n \"action\": \"Allow\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/2b2317a7-ab02-47b5-8159-eb7e6227709f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2b2317a7-ab02-47b5-8159-eb7e6227709f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[demo] Enforce KeyVault diagnostic log storage\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"[tolower(concat('cheggkv', parameters('location')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('cheggremdemo', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/332ce4ac-9200-4573-8c66-92b85fc82c8d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"332ce4ac-9200-4573-8c66-92b85fc82c8d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_enableAutomaticFailover\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/enableAutomaticFailover\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_defaultConsistencyLevel\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/consistencyPolicy.defaultConsistencyLevel\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0b7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_readLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_writeLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_failoverPolicies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd160\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c0df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c0df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL and Managed Instance TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c144\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c144\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services vaults test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"vault\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vault\",\r\n \"description\": \"The Recovery Services Vault.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n },\r\n \"vaults\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vaults\",\r\n \"description\": \"The list of Recovery Services Vaults.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('vault')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('vaults')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b2c1b0f-63c5-4943-8578-6d37fbe411bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b2c1b0f-63c5-4943-8578-6d37fbe411bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b788cf8-ff6f-4075-86a1-ab76270790e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b788cf8-ff6f-4075-86a1-ab76270790e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3cc5820a-cbb8-4977-9c90-d90ced95f12c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3cc5820a-cbb8-4977-9c90-d90ced95f12c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Name should have prefix and suffix\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Name should have prefix and suffix\",\r\n \"parameters\": {\r\n \"prefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The prefix\",\r\n \"description\": \"The name prefix\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"suffix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The suffix\",\r\n \"description\": \"The name suffix.\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('prefix'), '*', parameters('suffix'))]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e275e2e-a157-4ade-8f91-43b3ea370007\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e275e2e-a157-4ade-8f91-43b3ea370007\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Restrict VM skus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Restricts allowed VM skus to a predefined regex\",\r\n \"parameters\": {\r\n \"allowedSkuTemplate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed VM sku template\",\r\n \"description\": \"The VM sku template. Supports wildcards via '*'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"like\": \"[parameters('allowedSkuTemplate')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e34c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e34c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKU\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits the use of storage account SKUs that don't meet organizational cost policy.\",\r\n \"parameters\": {\r\n \"listOfAllowedSkus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of allowed SKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSkus')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e3682\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e3682\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaDataFactoryTest1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"RobgaDataFactoryTest\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataFactory/factories\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/robgatestworkspace/providers/Microsoft.OperationalInsights/workspaces/robgatestworkspace\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce autoUpgrade on VM/VMSS extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies any VM or VMSS extensions that do not have autoUpgradeMinorVersion set to true.\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f772\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f772\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically enabled autoUpgradeMinorVersion on VM extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f783\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f783\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM scale set extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically appends autoUpgradeMinorVersion=true to VMSS extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f7a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f7a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService must use serverFarm\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService serverFarm must have capacity > 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/serverFarms\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/serverFarms/sku.capacity\",\r\n \"in\": [\r\n \"0\",\r\n \"1\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc23\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc23\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Do_Not_Delete\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy is used for unit tests. Please do not delete it.\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4a0425e4-97bf-4ad0-ab36-145b94083c60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny MySQL firewallRules starting with 0\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4b94c320-ce63-4fb6-ba9d-7dbe648b90de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4b94c320-ce63-4fb6-ba9d-7dbe648b90de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83686598\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"deny the creation of storage if supportsHttpsTrafficOnly is false\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"detect 'allow All' NSG rule\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c915617-16f0-4c62-b021-e66d5409d11d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c915617-16f0-4c62-b021-e66d5409d11d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332195\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332199\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332199\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny storage container creation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts/blobServices/containers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4d2f8837-7acb-4488-b580-95960ee3f116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d2f8837-7acb-4488-b580-95960ee3f116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure auto-created NSG rules exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ensures that security rules created in auto-created PortLockdown NSGs are not tampered with\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string applied to automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to in the expected security rule. I.e. 192.4.0.0/8;192.5.0.0/8 or *\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions in the expected security rule\"\r\n }\r\n },\r\n \"priority\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected priority\",\r\n \"description\": \"The priority of the expected security rule.\"\r\n }\r\n },\r\n \"access\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected access\",\r\n \"description\": \"The access (allow/deny) of the expected security rule.\"\r\n },\r\n \"allowedValues\": [\r\n \"Allow\",\r\n \"Deny\"\r\n ]\r\n },\r\n \"name\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected name\",\r\n \"description\": \"The name of the expected security rule.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('nsgPrefix'), '-', field('location'))]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"equals\": \"[parameters('priority')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"[parameters('access')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"name\": {\r\n \"type\": \"string\"\r\n },\r\n \"priority\": {\r\n \"type\": \"string\"\r\n },\r\n \"access\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"isSinglePrefix\": \"[equals(count(parameters('sourceAddressPrefixes')), 1)]\",\r\n \"isSinglePortRange\": \"[equals(count(parameters('destinationPortRanges')), 1)]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('nsgName'), '/', parameters('name'))]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"properties\": {\r\n \"description\": \"Rule auto-created by Internet Exposed Endpoints protection\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[if(variables('isSinglePortRange'), first(parameters('destinationPortRanges')), '')]\",\r\n \"destinationPortRanges\": \"[if(not(variables('isSinglePortRange')), parameters('destinationPortRanges'), json('[]'))]\",\r\n \"sourceAddressPrefix\": \"[if(variables('isSinglePrefix'), first(parameters('sourceAddressPrefixes')), '')]\",\r\n \"sourceAddressPrefixes\": \"[if(not(variables('isSinglePrefix')), parameters('sourceAddressPrefixes'), json('[]'))]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"[parameters('access')]\",\r\n \"priority\": \"[int(parameters('priority'))]\",\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"name\": {\r\n \"value\": \"[parameters('name')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[parameters('priority')]\"\r\n },\r\n \"access\": {\r\n \"value\": \"[parameters('access')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f283ec4-25a9-46df-bbf2-806ed5a3e115\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rs defaultvalue backslash\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Extensions to Exclude\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \".FWD;.GSC;.GSE;.MYD;.MYI;.SMD;.VAC;.BAK;.CHK;.FRM;.LDF;.LOG;.MBX;.MDF;.NDF;.TRN;.UND;.UNF;.UNH;.UNI;.UNQ;.UNS;.VHD;.VMDX;.WCI;.EDB;.SDS\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Paths to Exclude\",\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Sysvol;C:\\\\ProgramData\\\\Microsoft\\\\SharePoint;C:\\\\Program Files\\\\Common Files\\\\Microsoft Shared\\\\Web Server Extensions;C:\\\\Program Files\\\\Operations Manager;C:\\\\Program Files\\\\Microsoft Monitoring Agent;C:\\\\Program Files\\\\Microsoft Office Servers;C:\\\\Program Files\\\\Microsoft System Center 2012 R2\\\\Server;C:\\\\Program Files\\\\System Center Operations Manager;C:\\\\Program Files\\\\System Center Operations Manager 2007;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\NTDS;C:\\\\Windows\\\\System32\\\\LogFiles;C:\\\\Windows\\\\Sysvol;C:\\\\Program Files\\\\Double-Take Software;C:\\\\Program Files\\\\DoubleTake;C:\\\\Program Files\\\\Exchsrvr;C:\\\\Program Files\\\\Ipswitch;C:\\\\Program Files\\\\LogMeIn;C:\\\\Windows\\\\SoftwareDistribution\\\\Datastore;C:\\\\Windows\\\\Temp\\\\Gthrsvc\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Processes to Exclude\",\r\n \"description\": \"Semicolon delimited list of processes to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"HealthService.exe;ManagementService.exe;Microsoft.Mom.Sdk.Service.exe;Microsoft.Mom.ConfigServiceHost.exe;MonitoringHost.exe;pagefile.sys\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable real time protection\",\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Scheduled scans\",\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n },\r\n \"defaultValue\": \"false\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Scheduled Scan Type\",\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n },\r\n \"defaultValue\": \"Quick\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Day of Scheduled Scan\",\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n },\r\n \"defaultValue\": \"7\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Time of Scheduled Scan\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"120\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"value\": \"[parameters('ExclusionsExtensions')]\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"value\": \"[parameters('ExclusionsPaths')]\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"value\": \"[parameters('ExclusionsProcesses')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"[parameters('RealtimeProtectionEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsIsEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsDay')]\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsTime')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50877efd-8dd9-43d5-b4e6-3b70e64311b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50877efd-8dd9-43d5-b4e6-3b70e64311b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy key vault KV_B if key vault KV_A does not exist.\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy will deploy a key vault named KV_B if a key vault named KV_A does not exist.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"KV_B\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-10-01\",\r\n \"name\": \"KV_A\",\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"location\": \"eastus2\",\r\n \"properties\": {\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"sku\": {\r\n \"family\": \"A\",\r\n \"name\": \"standard\"\r\n },\r\n \"accessPolicies\": []\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50e2972e-143c-4edf-9ef6-bee0f84212d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaTestRbac\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Authorization/roleAssignments/principalId\",\r\n \"equals\": \"Admin\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/560482cd-dac5-41e6-9cef-b0aecd6020de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"560482cd-dac5-41e6-9cef-b0aecd6020de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : definition param with assignPermissions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/57ef268f-b414-436a-9894-125a81d80b30\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"57ef268f-b414-436a-9894-125a81d80b30\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhAuditLocation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit if not west us\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5948d091-78b7-4d3b-a404-cc6a0329b0c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5948d091-78b7-4d3b-a404-cc6a0329b0c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"deployifnotexist template alias tests - redis\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/Redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/sku.family\",\r\n \"equals\": \"C\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"Whatever*\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"type\": \"string\"\r\n },\r\n \"nameField\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuFamilyOut\": {\r\n \"value\": \"[parameters('skuFamily')]\",\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPortOut\": {\r\n \"value\": \"[parameters('enableNonSslPort')]\",\r\n \"type\": \"string\"\r\n },\r\n \"nameFieldOut\": {\r\n \"value\": \"[parameters('nameField')]\",\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/sku.family')]\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/enableNonSslPort')]\"\r\n },\r\n \"nameField\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"exists\": \" false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca376\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca376\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86318519\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86318519\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallrules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"AllowAllWindowsAzureIps\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca600\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca600\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"exists\": \"true\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"notIn\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca8d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca8d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Test storage alias\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Test storage alias\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"type\": \"string\"\r\n },\r\n \"encrypt\": {\r\n \"type\": \"string\"\r\n },\r\n \"accessTier\": {\r\n \"type\": \"string\"\r\n },\r\n \"skuName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuNameOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('skuName')]\"\r\n },\r\n \"accessTierOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('accessTier')]\"\r\n },\r\n \"httpsOnlyOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('httpsOnly')]\"\r\n },\r\n \"encryptOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('encrypt')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly')]\"\r\n },\r\n \"encrypt\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/enableBlobEncryption')]\"\r\n },\r\n \"accessTier\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/accessTier')]\"\r\n },\r\n \"skuName\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/sku.name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5fa69139-9a49-464e-90b5-0d243a469138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5fa69139-9a49-464e-90b5-0d243a469138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit costcenter tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"value\": \"[resourceGroup().tags.CostCenter]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6ced0d17-98f3-41e2-8038-08c8f4fb90e3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6ced0d17-98f3-41e2-8038-08c8f4fb90e3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim Apply allowed tag and its default value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"3\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n },\r\n \"allowedValues\": [\r\n \"TagA\",\r\n \"TagB\"\r\n ]\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6d1735de-f3e3-4c40-a8b2-7b3a1042a895\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6d1735de-f3e3-4c40-a8b2-7b3a1042a895\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": null\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"3\"\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"Metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The metric operator.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"The timeAggregation.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"The window size.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"The evaluation frequency.\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The action group id.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('alertNamePrefix'), '*')]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(toLower(parameters('alertNamePrefix')), uniqueString(resourceGroup().id))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6f2c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6f2c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testImageId\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"css\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"contains\": \"resourceGroups/testSandipsh\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/70dc1e8d-61c9-4089-8bf5-895b227c1298\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"70dc1e8d-61c9-4089-8bf5-895b227c1298\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"policyTrackedResources-sdk-tests\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"notIn\": [\r\n \"policyTrackedResources-sdk-tests-rule1\",\r\n \"policyTrackedResources-sdk-tests-rule2\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule1')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule2')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2001,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny if blob is not encrypted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/74d5cf40-7293-46a4-a285-7ea971e3719a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"74d5cf40-7293-46a4-a285-7ea971e3719a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Location restriction\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Policy to force allocations to a set of given locations\",\r\n \"metadata\": {\r\n \"category\": \"cstack\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/763dcd1d-a4a9-46a8-8bd3-357c4533a335\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"763dcd1d-a4a9-46a8-8bd3-357c4533a335\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83577342 deny proxy resource location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/83577342/home\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"eastus\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingjobs/transformations\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/77429b44-aac1-4417-a53e-6900c07e11ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"77429b44-aac1-4417-a53e-6900c07e11ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Block TLS < 1.2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/slots/config\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\r\n \"notEquals\": \"1.2\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/78c5df31-2f05-4f4d-acfe-3e536d88c1bc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"78c5df31-2f05-4f4d-acfe-3e536d88c1bc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny ActiveDirectory administrators\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/administrators/administratorType\",\r\n \"equals\": \"ActiveDirectory\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash weird chars\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR!@#$%^&*()_+=-{}[];:',.<>?~`/;C:\\\\hello\\\\there\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7f4d769f-78db-46eb-ac3c-0b8214f8c245\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f4d769f-78db-46eb-ac3c-0b8214f8c245\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock v2\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/83daa8ee-7c9a-470c-81a8-5a99ac09d134\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83daa8ee-7c9a-470c-81a8-5a99ac09d134\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"northwell.io\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/86cd412c-c557-473b-984c-a5f15cdcb116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86cd412c-c557-473b-984c-a5f15cdcb116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Parameterized effect (if location != eastus)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The policy effect.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"eastus\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"885f1dcb-a9c5-4c8c-8996-2702db44a2d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.xyz\",\r\n \"exists\": false\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8959fd87-c1dd-4831-9034-a4f876bee1cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8959fd87-c1dd-4831-9034-a4f876bee1cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Kubernetes ingress policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Only specified ingress is allowed based on names\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere applicability test 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/whatever\"\r\n },\r\n {\r\n \"field\": \"tags.applicability\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8e6b598c-1a45-404b-97dd-983e37c040da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8e6b598c-1a45-404b-97dd-983e37c040da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_ipRangeFilter\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9012b1cd-b045-46c6-a510-6137e06a009c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elperetest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"value\": \"[resourceGroup().tags['Hyphen-test']]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9389a21b-2134-414a-a579-e9f2709b2131\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9389a21b-2134-414a-a579-e9f2709b2131\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash (array)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": [\r\n \"C:\\\\rs-pkgs\",\r\n \"C:\\\\System Volume Information\\\\DFSR\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/985adbc0-6d2e-448a-ac26-89d3688191d5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"985adbc0-6d2e-448a-ac26-89d3688191d5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github209\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/virtualNetworkRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9a060c03-fda7-4b0a-b4da-15e2b7e4d117\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9a060c03-fda7-4b0a-b4da-15e2b7e4d117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - Subscription Lvl test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Subscriptionlevel auditIfNotExist policy\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a1b067c8-2970-4c0b-b0da-31ae7f33d1de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1b067c8-2970-4c0b-b0da-31ae7f33d1de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Noop\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Don't do anything\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a309ad64-0bae-48d9-a6b1-d99c0b4218b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a309ad64-0bae-48d9-a6b1-d99c0b4218b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyof\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a337c781-c7d8-4e12-ae69-1951c7e74378\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a337c781-c7d8-4e12-ae69-1951c7e74378\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127 - better\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\",\r\n \"Deny\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"81196380\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure https traffic only for storage account\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure https traffic only for storage account\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscription name tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"add subscription name tag\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionname\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionname\",\r\n \"value\": \"[subscription().displayName]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d82a2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d82a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Add subscription \\\"id\\\" tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.id\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.id\",\r\n \"value\": \"[subscription().id]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8339\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8339\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscriptionId tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionId\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionId\",\r\n \"value\": \"[subscription().subscriptionId]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8635\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8635\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaNSGtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/aeb6a524-e3d1-4b8a-afa8-26ae4e291116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aeb6a524-e3d1-4b8a-afa8-26ae4e291116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed Location Indexed\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"hackathon policy\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Allowed-Locations-Indexed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Allowed-Locations-Indexed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if antiMalware extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy audits if the anti malware extension .\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/antiMalwareExtensionExists\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"antiMalwareExtensionExists\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Web socket must be disabled on App Services\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures web sockets are disabled on App Services.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/AppServiceWebSockets\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"AppServiceWebSockets\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure Security Center must be enabled\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures Azure Security Center is enabled.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ASCEnabled\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ASCEnabled\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and it's value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and its value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits if a required extension doesn't exist.\",\r\n \"parameters\": {\r\n \"publisher\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The publisher of the extension\",\r\n \"displayName\": \"Extension Publisher\"\r\n }\r\n },\r\n \"type\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The type of the extension\",\r\n \"displayName\": \"Extension Type\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"[parameters('publisher')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"[parameters('type')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/audit-vm-extension\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"audit-vm-extension\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CanCrudPolicyAssignment Policy Definition $[Auto Test]\",\r\n \"policyType\": \"Custom\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"ResourceProviderTestHost/TestResourceType/TestResourceTypeNestedOne/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/azsmnet6487\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"azsmnet6487\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"89322663 audit diag setting\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"description\": \"The list of resources types to audit for missing diagnostic log settings.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"details\": {\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"equals\": \"true\",\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\"\r\n }\r\n ]\r\n },\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\"\r\n },\r\n \"effect\": \"AuditIfNotExists\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b350b9b0-8ba5-4867-bc9c-63b4544671b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b350b9b0-8ba5-4867-bc9c-63b4544671b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"makharchtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"policy\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b36f6195-0fc5-4a41-bbce-875248400f5f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b36f6195-0fc5-4a41-bbce-875248400f5f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash really long string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b9203c56-0565-434a-a315-87f4da9f21b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b9203c56-0565-434a-a315-87f4da9f21b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"NSG Rules exists test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].protocol\",\r\n \"notLike\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/bb6a78ae-8737-41e0-9c41-cc777c8c00a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bb6a78ae-8737-41e0-9c41-cc777c8c00a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"Category\": \"Flintstones\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/BedrockPolicy\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"BedrockPolicy\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c0f586f1-abe5-4801-8588-7332e49e60c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c0f586f1-abe5-4801-8588-7332e49e60c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"234\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logprofiles\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/logprofiles\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Doublecheck the lifecycle tag policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy refers to tags['Lifecycle'], which with the current implementation of the escaped tags syntax will refer to a tag named 'Lifecycle' (quotes and all). This is a customer policy that would be broken when I switch the meaning of tags['Lifecycle'] to refer simply to a tag named Lifecycle (no quotes)\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['Lifecycle']\",\r\n \"notIn\": [\r\n \"dev\",\r\n \"tst\",\r\n \"stg\",\r\n \"prd\",\r\n \"trn\",\r\n \"prf\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c6be98a9-8108-40aa-b726-d2ae8e2891b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c6be98a9-8108-40aa-b726-d2ae8e2891b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe resource group auditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c7b9982d-2f50-4730-935f-5c241982a441\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c7b9982d-2f50-4730-935f-5c241982a441\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed resource types\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": \"The list of allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('allowedTypes')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c872f951-1c5d-4c61-89dd-aee2350a11ba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8b79b49-a579-4045-984e-1b249ab8b474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8cedfaa-4aa0-465a-8b90-49caf8177158\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8cedfaa-4aa0-465a-8b90-49caf8177158\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere css block NSG changes\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/95894791/home\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"nsgName\",\r\n \"description\": \"The name of the NSG.\"\r\n },\r\n \"defaultValue\": \"nsgName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('nsgName')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"fullName\",\r\n \"like\": \"[concat(parameters('nsgName'), '/*')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ca01432d-4278-45a6-8137-69f2155d2248\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ca01432d-4278-45a6-8137-69f2155d2248\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin empty string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure resource names meet the like condition for a pattern.\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"namePattern\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"namePattern\",\r\n \"description\": \"Pattern to use for names. Can include wildcard (*).\"\r\n },\r\n \"allowedValues\": [\r\n \"\",\r\n \"one\",\r\n \"two\"\r\n ],\r\n \"defaultValue\": \"\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('namePattern')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"camarvin-test-empty-assign\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere append 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.test\",\r\n \"value\": \"1\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny on 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.test\",\r\n \"equals\": \"1\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Resource name contains resource group name\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Require resources to contain the resource group's name\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"notContains\": \"[resourceGroup().name]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/contain-resource-group-name\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"contain-resource-group-name\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v3\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"third attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5002\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-deployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5632\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5632\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce KeyVault diagnostic log storage (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"elperetest\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('elpere', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d0d9349d-843c-443a-9f27-5ce84f08c37e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d0d9349d-843c-443a-9f27-5ce84f08c37e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere template paramters function tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"testing strange array behavior\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"contains\": \"lmao\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"String\"\r\n },\r\n \"dataDisks\": {\r\n \"type\": \"object\"\r\n },\r\n \"osDisk\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmVar\": \"[parameters('vmName')]\",\r\n \"dataDisksVar\": \"[parameters('dataDisks')]\"\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vmNameOut\": {\r\n \"value\": \"[variables('vmVar')]\",\r\n \"type\": \"String\"\r\n },\r\n \"dataDisksOut\": {\r\n \"value\": \"[concat(array(parameters('osDisk')), if(empty(parameters('dataDisks').rawValue), parameters('dataDisks').emptyArray, array(parameters('dataDisks').rawValue)))]\",\r\n \"type\": \"array\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"dataDisks\": {\r\n \"value\": {\r\n \"rawValue\": \"[field('Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.id')]\",\r\n \"emptyArray\": []\r\n }\r\n },\r\n \"osDisk\": {\r\n \"value\": \"[field('Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.id')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d2532053-bf59-4095-a1ae-2b7e4744f119\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d2532053-bf59-4095-a1ae-2b7e4744f119\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Access KV as part of remidiation deployment test (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"hello\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"outputs\": {\r\n \"testSecretOutput\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('testSecret')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"reference\": {\r\n \"keyVault\": {\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/elpere/providers/Microsoft.KeyVault/vaults/elpereKv\"\r\n },\r\n \"secretName\": \"test\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d35ce9be-f51b-4d3e-bc7f-dde2936381b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d35ce9be-f51b-4d3e-bc7f-dde2936381b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - inv\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"inv \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"functionId\": \"subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourcegroups/AKif2WebApp/providers/Microsoft.Logic/workflows/deneme\",\r\n \"payload\": {\r\n \"locations\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d54722e7-4665-47ce-9a82-2f96cebfe238\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d54722e7-4665-47ce-9a82-2f96cebfe238\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - incident - gardner\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"name\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"text\": {\r\n \"type\": \"string\",\r\n \"value\": \"Policy executed for resource [parameters('name')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"name\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d54722e7-4665-47ce-9a82-2f96cebfe353\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d54722e7-4665-47ce-9a82-2f96cebfe353\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs (NSG level)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Overwrites security rules with IP restrictions at the NSG level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges may overlap.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"getNsgDeploymentName\": \"[concat('getNSGContent-', parameters('nsgName'))]\",\r\n \"collectorDeploymentName\": \"[concat('collectRules-', parameters('nsgName'))]\",\r\n \"overwriteNsgDeploymentName\": \"[concat('overwriteNsg-', parameters('nsgName'))]\",\r\n \"nsgResourceId\": \"[resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"nsgProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('nsgResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectorDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_collectRules_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"nsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"portRangesToRestrict\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_overwriteNSG_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"originalNsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"updatedSecurityRules\": {\r\n \"value\": \"[reference(variables('collectorDeploymentName')).outputs.updatedSecurityRules.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d7b13c30-e6aa-47e1-b50a-8e33f152d086\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7126\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e712b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7130\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7135\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e713a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Audited skus\",\r\n \"description\": \"The list of skus.\",\r\n \"strongType\": \"storageSkus\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e90ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e90ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List Of Allowed SKUs\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"vmSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e9170\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e9170\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[elpere] deployIfNotExists Runners test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"deployIfNotExistsTestsRule\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/deployIfNotExistsTestsRule')]\",\r\n \"properties\": {\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbfa9fc0-5202-4001-8759-1aa2387f825b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"allowedOS\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"test_sandipsh\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedWindows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Windows VMs\",\r\n \"description\": \"The list of allowed VMs for Windows.\"\r\n }\r\n },\r\n \"listOfAllowedUbuntus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Ubuntu VMs\",\r\n \"description\": \"The list of allowed VMs for Ubuntu.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/disks\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"Canonical\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"UbuntuServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedUbuntus')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedWindows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services backup policies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"policies\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policies\",\r\n \"description\": \"The list of allowed Recovery Services backup policies.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n },\r\n \"policy\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policy\",\r\n \"description\": \"Allowed Recovery Services backup policy.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('policies')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('policy')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e3f9a624-b17d-4dc8-9649-65814d3241bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3f9a624-b17d-4dc8-9649-65814d3241bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"authSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their logs config\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"logs\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny changing sites authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"defaultValue: all parameters\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"defaultValue\"\r\n },\r\n \"parameters\": {\r\n \"locations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array)\",\r\n \"description\": \"The list of locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": [\r\n \"eastus\",\r\n \"westus\"\r\n ]\r\n },\r\n \"location\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string)\",\r\n \"description\": \"The location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"resourceGroups\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array)\",\r\n \"description\": \"The list of resource groups.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": [\r\n \"camarvin\"\r\n ]\r\n },\r\n \"resourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string)\",\r\n \"description\": \"The resource group.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": \"camarvin\"\r\n },\r\n \"tags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array)\",\r\n \"description\": \"The list of tags.\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"tag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string)\",\r\n \"description\": \"The tag.\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array, av)\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": [\r\n \"eastus\"\r\n ]\r\n },\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string, av)\",\r\n \"description\": \"The allowed location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"allowedStorageSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array, av)\",\r\n \"description\": \"The list of allowed storage SKUs for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ]\r\n },\r\n \"allowedStorageSKU\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string, av)\",\r\n \"description\": \"The allowed storage SKU for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": \"Standard_LRS\"\r\n },\r\n \"allowedTags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array, av)\",\r\n \"description\": \"The list of allowed tags.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ]\r\n },\r\n \"allowedTag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string, av)\",\r\n \"description\": \"The allowed tag.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": \"FirstName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('locations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('resourceGroups')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('resourceGroup')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('tags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('tag')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedStorageSkus')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"Equals\": \"[parameters('allowedStorageSku')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedTags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"NotEquals\": \"[parameters('allowedTag')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ea1688b3-022e-4add-af39-2fe60689a3b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny \\\"Allow All\\\" NSG rules\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies the creation of sourceAddressPrefix=\\\"*\\\", destinationPortRange=\\\"*\\\" NSG security rules\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"PortLockdown_AllowAll\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"notEquals\": \"4000\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github264\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/siteAuthSettings.enabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ef00ee9d-fe45-4d14-8bee-789eea392116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef00ee9d-fe45-4d14-8bee-789eea392116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhTestTagWithHyphen5\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"GokmenhTestTagWithHyphen5\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"value\": \"[resourceGroup().tags['Hyphen-test']]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/f2320be5-23be-4b58-8d8e-08c3044dd60f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f2320be5-23be-4b58-8d8e-08c3044dd60f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy enables you to audit your location.\",\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/LocationAuditDefinition\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"LocationAuditDefinition\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"northeurope\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/policy2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"policy2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps6386\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps6386\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9652\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9652\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9867\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9867\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test policy\",\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testSandipsh.draft\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testSandipsh.draft\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testtest\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"testtest\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testtest\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testtest\"\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { @@ -284,16 +284,16 @@ "Accept-Encoding" ], "x-ms-ratelimit-remaining-subscription-reads": [ - "11993" + "11999" ], "x-ms-request-id": [ - "westus2:27b41ff3-7eee-4268-a338-16ad6c24a6f8" + "westus2:a44d3c18-72f7-46ff-a237-02831b7ee8dd" ], "x-ms-correlation-request-id": [ - "23949ec5-feb4-4889-91c6-2858fbdfb8c1" + "c644d0e2-483c-4a41-890f-f02f542c0d78" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T214143Z:23949ec5-feb4-4889-91c6-2858fbdfb8c1" + "WESTUS2:20190116T193726Z:c644d0e2-483c-4a41-890f-f02f542c0d78" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -302,10 +302,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:41:42 GMT" + "Wed, 16 Jan 2019 19:37:26 GMT" ], "Content-Length": [ - "439489" + "487308" ], "Content-Type": [ "application/json; charset=utf-8" @@ -317,7 +317,7 @@ "0" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage_httpsTrafficOnly\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"023217dd-81bb-461f-93ea-8799caac50c7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"This shouldn't work\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This customer's policy is attempting to append multiple tags at once. I expect it will just append one tag with a really long name\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"value\": [\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04183864-11ae-4e7a-aadb-c600e40ed1b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04183864-11ae-4e7a-aadb-c600e40ed1b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Inherit named tag from resource group\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Applies the tag value from the resource group if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[resourcegroup().tags[parameters('tagName')]]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04904947-4d10-4454-9a50-f423d590e11b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04904947-4d10-4454-9a50-f423d590e11b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robga-nsgtemplate-test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddfee46-9b63-4313-a529-cfbf968d8118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddfee46-9b63-4313-a529-cfbf968d8118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akif incident - 85944710\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 85944710\\nhttps://icm.ad.msft.net/imp/v3/incidents/details/85944710/home\\n\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af12870bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af12870bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"second attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af1287abe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af1287abe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/123c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"123c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim nsg repro\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"fix\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/14ac45e9-df97-455d-b6ee-dd216f15f694\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"14ac45e9-df97-455d-b6ee-dd216f15f694\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim-incident-86226837-fix\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"1 - reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"15358dd8-671e-4c96-be33-2b668791418f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Attempt service bus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logProfiles\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/serviceBusRuleId\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/163c640e-681c-445f-92ba-cd434bd8c11c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"163c640e-681c-445f-92ba-cd434bd8c11c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.zyx\",\r\n \"exists\": \"false\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/17d43473-870f-4bc8-93c6-3961fa1d91cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17d43473-870f-4bc8-93c6-3961fa1d91cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit all tags\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"tags\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags\",\r\n \"value\": \"[resourceGroup().tags]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1e3c9312-c011-40a3-ac40-3bf3ddc24120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e3c9312-c011-40a3-ac40-3bf3ddc24120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource group locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Allowed resource group locations\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f20036f-28c3-48f3-9266-05d50fe391f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f20036f-28c3-48f3-9266-05d50fe391f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"docdb_aliases_test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f5360b7-fe59-43f7-8af5-825df420d09c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f5360b7-fe59-43f7-8af5-825df420d09c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ovewrites security rules with IP restrictions at the securityRule level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Limit to one protocol. The most inclusive should come last. I.e. 22;22-22;22-23\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"priority\": {\r\n \"type\": \"int\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[parameters('fullRuleName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-02-01\",\r\n \"properties\": {\r\n \"protocol\": \"*\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[last(parameters('destinationPortRanges'))]\",\r\n \"access\": \"Allow\",\r\n \"direction\": \"Inbound\",\r\n \"priority\": \"[parameters('priority')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[field('Microsoft.Network/networksecurityGroups/securityRules/priority')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"20c4afd0-8a77-4433-b8b0-4ad06e4c7111\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy NSGs on Subnets\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforce that all subnets have a Network Security Group. If a subnet does not have one an NSG with the default Internet Exposed Endpoint restrictions will be created and associated with it.\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string to apply to all automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges must not overlap.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"notEquals\": \"null\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgPrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"nsgName\": \"[concat(parameters('nsgPrefix'), '-', parameters('location'))]\",\r\n \"vnetName\": \"[split(parameters('fullResourceName'), '/')[0]]\",\r\n \"vnetResourceId\": \"[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]\",\r\n \"getVnetDeploymentName\": \"[concat('getVnet-', variables('vnetName'))]\",\r\n \"collectSubnetsDeploymentName\": \"[concat('collectSubnets-', variables('vnetName'))]\",\r\n \"overwriteVnetDeploymentName\": \"[concat('overwriteVnet-', variables('vnetName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vnetProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('vnetResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[variables('nsgName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"securityRules\": [\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Restrict\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from specific IP ranges (either corpnet or SAW)\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3997,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_AllowVnet\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from within the VNET\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"VirtualNetwork\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3998,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Deny\",\r\n \"properties\": {\r\n \"description\": \"Deny any controlled port connections that aren't explicitly allowed in higher priority rules\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 3999,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_AllowAll\",\r\n \"properties\": {\r\n \"description\": \"Allow all inbound traffic that isn't explicitly blocked by Port Lockdown restrictions\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 4000,\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectSubnetsDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_collectSubnets_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"nsgResourceId\": {\r\n \"value\": \"[resourceid('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"dependsOn\": [\r\n \"[variables('nsgName')]\"\r\n ],\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_overwriteVnet_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"updatedSubnets\": {\r\n \"value\": \"[reference(variables('collectSubnetsDeploymentName')).outputs.updatedSubnets.value]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"nsgPrefix\": {\r\n \"value\": \"[parameters('nsgPrefix')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"210ed8bd-6b07-4d5e-a62c-c34f07293288\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit all Microsoft.Web/sites/config/authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/211a466d-b2be-46e8-b029-8c28f566f118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"211a466d-b2be-46e8-b029-8c28f566f118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of a tag2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits that a required tag is present on resources\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"notcontainsKey\": \"[parameters('tagName')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24813039-7534-408a-9842-eb99f45721b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append single location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.locationTest\",\r\n \"value\": \"[parameters('allowedLocation')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin oms vm linux parameterized effect\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"263f13f4-6b88-4788-bead-34beedde70ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test guest assignment\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/28e54a72-2fd7-40d3-afe2-b05423e0147a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"28e54a72-2fd7-40d3-afe2-b05423e0147a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"2nd attempt on this policy. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"notIn\": \"[parameters('allowedLocations')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd60841400\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd60841400\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-combined\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"the combined policy attempt for both cosmos db cases. \",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"locationNames\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd6084180f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd6084180f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage ip rules append 2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.ipRules\",\r\n \"value\": [\r\n {\r\n \"value\": \"8.8.8.8\",\r\n \"action\": \"Allow\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/2b2317a7-ab02-47b5-8159-eb7e6227709f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2b2317a7-ab02-47b5-8159-eb7e6227709f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[demo] Enforce KeyVault diagnostic log storage\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"[tolower(concat('cheggkv', parameters('location')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('cheggremdemo', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/332ce4ac-9200-4573-8c66-92b85fc82c8d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"332ce4ac-9200-4573-8c66-92b85fc82c8d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_enableAutomaticFailover\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/enableAutomaticFailover\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_defaultConsistencyLevel\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/consistencyPolicy.defaultConsistencyLevel\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0b7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_readLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_writeLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_failoverPolicies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd160\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c0df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c0df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL and Managed Instance TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c144\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c144\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services vaults test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"vault\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vault\",\r\n \"description\": \"The Recovery Services Vault.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n },\r\n \"vaults\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vaults\",\r\n \"description\": \"The list of Recovery Services Vaults.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('vault')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('vaults')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b2c1b0f-63c5-4943-8578-6d37fbe411bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b2c1b0f-63c5-4943-8578-6d37fbe411bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b788cf8-ff6f-4075-86a1-ab76270790e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b788cf8-ff6f-4075-86a1-ab76270790e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3cc5820a-cbb8-4977-9c90-d90ced95f12c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3cc5820a-cbb8-4977-9c90-d90ced95f12c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Name should have prefix and suffix\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Name should have prefix and suffix\",\r\n \"parameters\": {\r\n \"prefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The prefix\",\r\n \"description\": \"The name prefix\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"suffix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The suffix\",\r\n \"description\": \"The name suffix.\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('prefix'), '*', parameters('suffix'))]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e275e2e-a157-4ade-8f91-43b3ea370007\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e275e2e-a157-4ade-8f91-43b3ea370007\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Restrict VM skus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Restricts allowed VM skus to a predefined regex\",\r\n \"parameters\": {\r\n \"allowedSkuTemplate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed VM sku template\",\r\n \"description\": \"The VM sku template. Supports wildcards via '*'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"like\": \"[parameters('allowedSkuTemplate')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e34c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e34c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKU\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits the use of storage account SKUs that don't meet organizational cost policy.\",\r\n \"parameters\": {\r\n \"listOfAllowedSkus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of allowed SKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSkus')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e3682\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e3682\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaDataFactoryTest1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"RobgaDataFactoryTest\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataFactory/factories\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/robgatestworkspace/providers/Microsoft.OperationalInsights/workspaces/robgatestworkspace\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce autoUpgrade on VM/VMSS extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies any VM or VMSS extensions that do not have autoUpgradeMinorVersion set to true.\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f772\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f772\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically enabled autoUpgradeMinorVersion on VM extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f783\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f783\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM scale set extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically appends autoUpgradeMinorVersion=true to VMSS extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f7a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f7a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService must use serverFarm\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService serverFarm must have capacity > 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/serverFarms\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/serverFarms/sku.capacity\",\r\n \"in\": [\r\n \"0\",\r\n \"1\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc23\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc23\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Definition to be deleted.\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy will deploy a key vault named KV_B if a key vault named KV_A does not exist.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"KV_B\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-10-01\",\r\n \"name\": \"KV_A\",\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"location\": \"eastus2\",\r\n \"properties\": {\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"sku\": {\r\n \"family\": \"A\",\r\n \"name\": \"standard\"\r\n },\r\n \"accessPolicies\": []\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/48ba81c1-0012-4796-8166-c2efb4304190\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48ba81c1-0012-4796-8166-c2efb4304190\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Do_Not_Delete\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy is used for unit tests. Please do not delete it.\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4a0425e4-97bf-4ad0-ab36-145b94083c60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny MySQL firewallRules starting with 0\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4b94c320-ce63-4fb6-ba9d-7dbe648b90de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4b94c320-ce63-4fb6-ba9d-7dbe648b90de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83686598\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"deny the creation of storage if supportsHttpsTrafficOnly is false\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"detect 'allow All' NSG rule\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c915617-16f0-4c62-b021-e66d5409d11d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c915617-16f0-4c62-b021-e66d5409d11d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332195\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332199\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332199\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny storage container creation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts/blobServices/containers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4d2f8837-7acb-4488-b580-95960ee3f116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d2f8837-7acb-4488-b580-95960ee3f116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure auto-created NSG rules exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ensures that security rules created in auto-created PortLockdown NSGs are not tampered with\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string applied to automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to in the expected security rule. I.e. 192.4.0.0/8;192.5.0.0/8 or *\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions in the expected security rule\"\r\n }\r\n },\r\n \"priority\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected priority\",\r\n \"description\": \"The priority of the expected security rule.\"\r\n }\r\n },\r\n \"access\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected access\",\r\n \"description\": \"The access (allow/deny) of the expected security rule.\"\r\n },\r\n \"allowedValues\": [\r\n \"Allow\",\r\n \"Deny\"\r\n ]\r\n },\r\n \"name\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected name\",\r\n \"description\": \"The name of the expected security rule.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('nsgPrefix'), '-', field('location'))]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"equals\": \"[parameters('priority')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"[parameters('access')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"name\": {\r\n \"type\": \"string\"\r\n },\r\n \"priority\": {\r\n \"type\": \"string\"\r\n },\r\n \"access\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"isSinglePrefix\": \"[equals(count(parameters('sourceAddressPrefixes')), 1)]\",\r\n \"isSinglePortRange\": \"[equals(count(parameters('destinationPortRanges')), 1)]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('nsgName'), '/', parameters('name'))]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"properties\": {\r\n \"description\": \"Rule auto-created by Internet Exposed Endpoints protection\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[if(variables('isSinglePortRange'), first(parameters('destinationPortRanges')), '')]\",\r\n \"destinationPortRanges\": \"[if(not(variables('isSinglePortRange')), parameters('destinationPortRanges'), json('[]'))]\",\r\n \"sourceAddressPrefix\": \"[if(variables('isSinglePrefix'), first(parameters('sourceAddressPrefixes')), '')]\",\r\n \"sourceAddressPrefixes\": \"[if(not(variables('isSinglePrefix')), parameters('sourceAddressPrefixes'), json('[]'))]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"[parameters('access')]\",\r\n \"priority\": \"[int(parameters('priority'))]\",\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"name\": {\r\n \"value\": \"[parameters('name')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[parameters('priority')]\"\r\n },\r\n \"access\": {\r\n \"value\": \"[parameters('access')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f283ec4-25a9-46df-bbf2-806ed5a3e115\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rs defaultvalue backslash\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Extensions to Exclude\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \".FWD;.GSC;.GSE;.MYD;.MYI;.SMD;.VAC;.BAK;.CHK;.FRM;.LDF;.LOG;.MBX;.MDF;.NDF;.TRN;.UND;.UNF;.UNH;.UNI;.UNQ;.UNS;.VHD;.VMDX;.WCI;.EDB;.SDS\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Paths to Exclude\",\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Sysvol;C:\\\\ProgramData\\\\Microsoft\\\\SharePoint;C:\\\\Program Files\\\\Common Files\\\\Microsoft Shared\\\\Web Server Extensions;C:\\\\Program Files\\\\Operations Manager;C:\\\\Program Files\\\\Microsoft Monitoring Agent;C:\\\\Program Files\\\\Microsoft Office Servers;C:\\\\Program Files\\\\Microsoft System Center 2012 R2\\\\Server;C:\\\\Program Files\\\\System Center Operations Manager;C:\\\\Program Files\\\\System Center Operations Manager 2007;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\NTDS;C:\\\\Windows\\\\System32\\\\LogFiles;C:\\\\Windows\\\\Sysvol;C:\\\\Program Files\\\\Double-Take Software;C:\\\\Program Files\\\\DoubleTake;C:\\\\Program Files\\\\Exchsrvr;C:\\\\Program Files\\\\Ipswitch;C:\\\\Program Files\\\\LogMeIn;C:\\\\Windows\\\\SoftwareDistribution\\\\Datastore;C:\\\\Windows\\\\Temp\\\\Gthrsvc\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Processes to Exclude\",\r\n \"description\": \"Semicolon delimited list of processes to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"HealthService.exe;ManagementService.exe;Microsoft.Mom.Sdk.Service.exe;Microsoft.Mom.ConfigServiceHost.exe;MonitoringHost.exe;pagefile.sys\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable real time protection\",\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Scheduled scans\",\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n },\r\n \"defaultValue\": \"false\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Scheduled Scan Type\",\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n },\r\n \"defaultValue\": \"Quick\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Day of Scheduled Scan\",\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n },\r\n \"defaultValue\": \"7\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Time of Scheduled Scan\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"120\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"value\": \"[parameters('ExclusionsExtensions')]\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"value\": \"[parameters('ExclusionsPaths')]\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"value\": \"[parameters('ExclusionsProcesses')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"[parameters('RealtimeProtectionEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsIsEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsDay')]\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsTime')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50877efd-8dd9-43d5-b4e6-3b70e64311b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50877efd-8dd9-43d5-b4e6-3b70e64311b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy key vault KV_B if key vault KV_A does not exist.\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy will deploy a key vault named KV_B if a key vault named KV_A does not exist.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"KV_B\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-10-01\",\r\n \"name\": \"KV_A\",\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"location\": \"eastus2\",\r\n \"properties\": {\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"sku\": {\r\n \"family\": \"A\",\r\n \"name\": \"standard\"\r\n },\r\n \"accessPolicies\": []\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50e2972e-143c-4edf-9ef6-bee0f84212d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaTestRbac\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Authorization/roleAssignments/principalId\",\r\n \"equals\": \"Admin\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/560482cd-dac5-41e6-9cef-b0aecd6020de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"560482cd-dac5-41e6-9cef-b0aecd6020de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhAuditLocation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit if not west us\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5948d091-78b7-4d3b-a404-cc6a0329b0c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5948d091-78b7-4d3b-a404-cc6a0329b0c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"deployifnotexist template alias tests - redis\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/Redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/sku.family\",\r\n \"equals\": \"C\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"Whatever*\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"type\": \"string\"\r\n },\r\n \"nameField\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuFamilyOut\": {\r\n \"value\": \"[parameters('skuFamily')]\",\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPortOut\": {\r\n \"value\": \"[parameters('enableNonSslPort')]\",\r\n \"type\": \"string\"\r\n },\r\n \"nameFieldOut\": {\r\n \"value\": \"[parameters('nameField')]\",\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/sku.family')]\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/enableNonSslPort')]\"\r\n },\r\n \"nameField\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"exists\": \" false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca376\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca376\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86318519\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86318519\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallrules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"AllowAllWindowsAzureIps\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca600\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca600\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"exists\": \"true\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"notIn\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca8d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca8d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Test storage alias\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Test storage alias\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"type\": \"string\"\r\n },\r\n \"encrypt\": {\r\n \"type\": \"string\"\r\n },\r\n \"accessTier\": {\r\n \"type\": \"string\"\r\n },\r\n \"skuName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuNameOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('skuName')]\"\r\n },\r\n \"accessTierOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('accessTier')]\"\r\n },\r\n \"httpsOnlyOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('httpsOnly')]\"\r\n },\r\n \"encryptOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('encrypt')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly')]\"\r\n },\r\n \"encrypt\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/enableBlobEncryption')]\"\r\n },\r\n \"accessTier\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/accessTier')]\"\r\n },\r\n \"skuName\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/sku.name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5fa69139-9a49-464e-90b5-0d243a469138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5fa69139-9a49-464e-90b5-0d243a469138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit costcenter tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"value\": \"[resourceGroup().tags.CostCenter]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6ced0d17-98f3-41e2-8038-08c8f4fb90e3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6ced0d17-98f3-41e2-8038-08c8f4fb90e3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim Apply allowed tag and its default value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"3\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n },\r\n \"allowedValues\": [\r\n \"TagA\",\r\n \"TagB\"\r\n ]\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6d1735de-f3e3-4c40-a8b2-7b3a1042a895\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6d1735de-f3e3-4c40-a8b2-7b3a1042a895\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": null\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"3\"\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"Metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The metric operator.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"The timeAggregation.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"The window size.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"The evaluation frequency.\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The action group id.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('alertNamePrefix'), '*')]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(toLower(parameters('alertNamePrefix')), uniqueString(resourceGroup().id))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6f2c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6f2c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testImageId\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"css\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"contains\": \"resourceGroups/testSandipsh\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/70dc1e8d-61c9-4089-8bf5-895b227c1298\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"70dc1e8d-61c9-4089-8bf5-895b227c1298\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"policyTrackedResources-sdk-tests\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"notIn\": [\r\n \"policyTrackedResources-sdk-tests-rule1\",\r\n \"policyTrackedResources-sdk-tests-rule2\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule1')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule2')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2001,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny if blob is not encrypted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/74d5cf40-7293-46a4-a285-7ea971e3719a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"74d5cf40-7293-46a4-a285-7ea971e3719a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Location restriction\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Policy to force allocations to a set of given locations\",\r\n \"metadata\": {\r\n \"category\": \"cstack\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/763dcd1d-a4a9-46a8-8bd3-357c4533a335\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"763dcd1d-a4a9-46a8-8bd3-357c4533a335\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"chegg deploy VMSS extension\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"GenevaMonitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Geneva\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-01\",\r\n \"name\": \"[concat(parameters('vmssName'), '/', 'genevaExtension2')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Geneva\",\r\n \"type\": \"GenevaMonitoring\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {}\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/767d74dd-8fe3-4ef2-a38a-52164f9230da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"767d74dd-8fe3-4ef2-a38a-52164f9230da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83577342 deny proxy resource location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/83577342/home\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"eastus\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingjobs/transformations\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/77429b44-aac1-4417-a53e-6900c07e11ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"77429b44-aac1-4417-a53e-6900c07e11ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Block TLS < 1.2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/slots/config\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\r\n \"notEquals\": \"1.2\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/78c5df31-2f05-4f4d-acfe-3e536d88c1bc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"78c5df31-2f05-4f4d-acfe-3e536d88c1bc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny ActiveDirectory administrators\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/administrators/administratorType\",\r\n \"equals\": \"ActiveDirectory\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash weird chars\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR!@#$%^&*()_+=-{}[];:',.<>?~`/;C:\\\\hello\\\\there\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7f4d769f-78db-46eb-ac3c-0b8214f8c245\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f4d769f-78db-46eb-ac3c-0b8214f8c245\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock v2\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/83daa8ee-7c9a-470c-81a8-5a99ac09d134\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83daa8ee-7c9a-470c-81a8-5a99ac09d134\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"northwell.io\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/86cd412c-c557-473b-984c-a5f15cdcb116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86cd412c-c557-473b-984c-a5f15cdcb116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Parameterized effect (if location != eastus)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The policy effect.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"eastus\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"885f1dcb-a9c5-4c8c-8996-2702db44a2d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.xyz\",\r\n \"exists\": false\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8959fd87-c1dd-4831-9034-a4f876bee1cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8959fd87-c1dd-4831-9034-a4f876bee1cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Kubernetes ingress policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Only specified ingress is allowed based on names\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere applicability test 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/whatever\"\r\n },\r\n {\r\n \"field\": \"tags.applicability\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8e6b598c-1a45-404b-97dd-983e37c040da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8e6b598c-1a45-404b-97dd-983e37c040da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_ipRangeFilter\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9012b1cd-b045-46c6-a510-6137e06a009c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash (array)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": [\r\n \"C:\\\\rs-pkgs\",\r\n \"C:\\\\System Volume Information\\\\DFSR\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/985adbc0-6d2e-448a-ac26-89d3688191d5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"985adbc0-6d2e-448a-ac26-89d3688191d5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github209\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/virtualNetworkRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9a060c03-fda7-4b0a-b4da-15e2b7e4d117\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9a060c03-fda7-4b0a-b4da-15e2b7e4d117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - Subscription Lvl test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Subscriptionlevel auditIfNotExist policy\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a1b067c8-2970-4c0b-b0da-31ae7f33d1de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1b067c8-2970-4c0b-b0da-31ae7f33d1de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Noop\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Don't do anything\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a309ad64-0bae-48d9-a6b1-d99c0b4218b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a309ad64-0bae-48d9-a6b1-d99c0b4218b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyof\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a337c781-c7d8-4e12-ae69-1951c7e74378\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a337c781-c7d8-4e12-ae69-1951c7e74378\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127 - better\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\",\r\n \"Deny\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"81196380\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure https traffic only for storage account\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure https traffic only for storage account\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscription name tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"add subscription name tag\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionname\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionname\",\r\n \"value\": \"[subscription().displayName]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d82a2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d82a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Add subscription \\\"id\\\" tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.id\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.id\",\r\n \"value\": \"[subscription().id]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8339\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8339\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscriptionId tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionId\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionId\",\r\n \"value\": \"[subscription().subscriptionId]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8635\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8635\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaNSGtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/aeb6a524-e3d1-4b8a-afa8-26ae4e291116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aeb6a524-e3d1-4b8a-afa8-26ae4e291116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed Location Indexed\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"hackathon policy\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Allowed-Locations-Indexed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Allowed-Locations-Indexed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if antiMalware extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy audits if the anti malware extension .\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/antiMalwareExtensionExists\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"antiMalwareExtensionExists\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Web socket must be disabled on App Services\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures web sockets are disabled on App Services.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/AppServiceWebSockets\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"AppServiceWebSockets\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure Security Center must be enabled\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures Azure Security Center is enabled.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ASCEnabled\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ASCEnabled\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and it's value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and its value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits if a required extension doesn't exist.\",\r\n \"parameters\": {\r\n \"publisher\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The publisher of the extension\",\r\n \"displayName\": \"Extension Publisher\"\r\n }\r\n },\r\n \"type\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The type of the extension\",\r\n \"displayName\": \"Extension Type\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"[parameters('publisher')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"[parameters('type')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/audit-vm-extension\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"audit-vm-extension\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CanCrudPolicyAssignment Policy Definition $[Auto Test]\",\r\n \"policyType\": \"Custom\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"ResourceProviderTestHost/TestResourceType/TestResourceTypeNestedOne/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/azsmnet6487\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"azsmnet6487\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"89322663 audit diag setting\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"description\": \"The list of resources types to audit for missing diagnostic log settings.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"details\": {\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"equals\": \"true\",\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\"\r\n }\r\n ]\r\n },\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\"\r\n },\r\n \"effect\": \"AuditIfNotExists\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b350b9b0-8ba5-4867-bc9c-63b4544671b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b350b9b0-8ba5-4867-bc9c-63b4544671b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"makharchtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"policy\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b36f6195-0fc5-4a41-bbce-875248400f5f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b36f6195-0fc5-4a41-bbce-875248400f5f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash really long string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b9203c56-0565-434a-a315-87f4da9f21b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b9203c56-0565-434a-a315-87f4da9f21b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"NSG Rules exists test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].protocol\",\r\n \"notLike\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/bb6a78ae-8737-41e0-9c41-cc777c8c00a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bb6a78ae-8737-41e0-9c41-cc777c8c00a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c0f586f1-abe5-4801-8588-7332e49e60c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c0f586f1-abe5-4801-8588-7332e49e60c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"234\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logprofiles\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/logprofiles\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Doublecheck the lifecycle tag policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy refers to tags['Lifecycle'], which with the current implementation of the escaped tags syntax will refer to a tag named 'Lifecycle' (quotes and all). This is a customer policy that would be broken when I switch the meaning of tags['Lifecycle'] to refer simply to a tag named Lifecycle (no quotes)\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['Lifecycle']\",\r\n \"notIn\": [\r\n \"dev\",\r\n \"tst\",\r\n \"stg\",\r\n \"prd\",\r\n \"trn\",\r\n \"prf\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c6be98a9-8108-40aa-b726-d2ae8e2891b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c6be98a9-8108-40aa-b726-d2ae8e2891b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe resource group auditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c7b9982d-2f50-4730-935f-5c241982a441\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c7b9982d-2f50-4730-935f-5c241982a441\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed resource types\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": \"The list of allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('allowedTypes')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c872f951-1c5d-4c61-89dd-aee2350a11ba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8b79b49-a579-4045-984e-1b249ab8b474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8cedfaa-4aa0-465a-8b90-49caf8177158\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8cedfaa-4aa0-465a-8b90-49caf8177158\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere css block NSG changes\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/95894791/home\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"nsgName\",\r\n \"description\": \"The name of the NSG.\"\r\n },\r\n \"defaultValue\": \"nsgName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('nsgName')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"fullName\",\r\n \"like\": \"[concat(parameters('nsgName'), '/*')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ca01432d-4278-45a6-8137-69f2155d2248\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ca01432d-4278-45a6-8137-69f2155d2248\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin empty string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure resource names meet the like condition for a pattern.\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"namePattern\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"namePattern\",\r\n \"description\": \"Pattern to use for names. Can include wildcard (*).\"\r\n },\r\n \"allowedValues\": [\r\n \"\",\r\n \"one\",\r\n \"two\"\r\n ],\r\n \"defaultValue\": \"\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('namePattern')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"camarvin-test-empty-assign\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere append 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.test\",\r\n \"value\": \"1\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny on 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.test\",\r\n \"equals\": \"1\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Resource name contains resource group name\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Require resources to contain the resource group's name\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"notContains\": \"[resourceGroup().name]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/contain-resource-group-name\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"contain-resource-group-name\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v3\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"third attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5002\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-deployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5632\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5632\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce KeyVault diagnostic log storage (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"elperetest\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('elpere', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d0d9349d-843c-443a-9f27-5ce84f08c37e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d0d9349d-843c-443a-9f27-5ce84f08c37e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Access KV as part of remidiation deployment test (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"hello\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"outputs\": {\r\n \"testSecretOutput\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('testSecret')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"reference\": {\r\n \"keyVault\": {\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/elpere/providers/Microsoft.KeyVault/vaults/elpereKv\"\r\n },\r\n \"secretName\": \"test\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d35ce9be-f51b-4d3e-bc7f-dde2936381b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d35ce9be-f51b-4d3e-bc7f-dde2936381b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs (NSG level)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Overwrites security rules with IP restrictions at the NSG level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges may overlap.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"getNsgDeploymentName\": \"[concat('getNSGContent-', parameters('nsgName'))]\",\r\n \"collectorDeploymentName\": \"[concat('collectRules-', parameters('nsgName'))]\",\r\n \"overwriteNsgDeploymentName\": \"[concat('overwriteNsg-', parameters('nsgName'))]\",\r\n \"nsgResourceId\": \"[resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"nsgProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('nsgResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectorDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_collectRules_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"nsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"portRangesToRestrict\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_overwriteNSG_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"originalNsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"updatedSecurityRules\": {\r\n \"value\": \"[reference(variables('collectorDeploymentName')).outputs.updatedSecurityRules.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d7b13c30-e6aa-47e1-b50a-8e33f152d086\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Audited skus\",\r\n \"description\": \"The list of skus.\",\r\n \"strongType\": \"storageSkus\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e90ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e90ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List Of Allowed SKUs\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"vmSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e9170\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e9170\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[elpere] deployIfNotExists Runners test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"deployIfNotExistsTestsRule\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/deployIfNotExistsTestsRule')]\",\r\n \"properties\": {\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbfa9fc0-5202-4001-8759-1aa2387f825b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"allowedOS\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"test_sandipsh\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedWindows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Windows VMs\",\r\n \"description\": \"The list of allowed VMs for Windows.\"\r\n }\r\n },\r\n \"listOfAllowedUbuntus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Ubuntu VMs\",\r\n \"description\": \"The list of allowed VMs for Ubuntu.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/disks\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"Canonical\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"UbuntuServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedUbuntus')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedWindows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services backup policies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"policies\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policies\",\r\n \"description\": \"The list of allowed Recovery Services backup policies.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n },\r\n \"policy\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policy\",\r\n \"description\": \"Allowed Recovery Services backup policy.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('policies')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('policy')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e3f9a624-b17d-4dc8-9649-65814d3241bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3f9a624-b17d-4dc8-9649-65814d3241bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"authSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their logs config\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"logs\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny changing sites authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"defaultValue: all parameters\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"defaultValue\"\r\n },\r\n \"parameters\": {\r\n \"locations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array)\",\r\n \"description\": \"The list of locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": [\r\n \"eastus\",\r\n \"westus\"\r\n ]\r\n },\r\n \"location\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string)\",\r\n \"description\": \"The location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"resourceGroups\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array)\",\r\n \"description\": \"The list of resource groups.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": [\r\n \"camarvin\"\r\n ]\r\n },\r\n \"resourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string)\",\r\n \"description\": \"The resource group.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": \"camarvin\"\r\n },\r\n \"tags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array)\",\r\n \"description\": \"The list of tags.\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"tag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string)\",\r\n \"description\": \"The tag.\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array, av)\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": [\r\n \"eastus\"\r\n ]\r\n },\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string, av)\",\r\n \"description\": \"The allowed location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"allowedStorageSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array, av)\",\r\n \"description\": \"The list of allowed storage SKUs for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ]\r\n },\r\n \"allowedStorageSKU\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string, av)\",\r\n \"description\": \"The allowed storage SKU for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": \"Standard_LRS\"\r\n },\r\n \"allowedTags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array, av)\",\r\n \"description\": \"The list of allowed tags.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ]\r\n },\r\n \"allowedTag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string, av)\",\r\n \"description\": \"The allowed tag.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": \"FirstName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('locations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('resourceGroups')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('resourceGroup')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('tags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('tag')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedStorageSkus')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"Equals\": \"[parameters('allowedStorageSku')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedTags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"NotEquals\": \"[parameters('allowedTag')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ea1688b3-022e-4add-af39-2fe60689a3b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny \\\"Allow All\\\" NSG rules\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies the creation of sourceAddressPrefix=\\\"*\\\", destinationPortRange=\\\"*\\\" NSG security rules\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"PortLockdown_AllowAll\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"notEquals\": \"4000\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github264\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/siteAuthSettings.enabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ef00ee9d-fe45-4d14-8bee-789eea392116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef00ee9d-fe45-4d14-8bee-789eea392116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy enables you to audit your location.\",\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/LocationAuditDefinition\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"LocationAuditDefinition\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"northeurope\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/policy2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"policy2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps6386\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps6386\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps8886\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps8886\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9652\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9652\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test policy\",\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testSandipsh.draft\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testSandipsh.draft\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testtest\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"testtest\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testtest\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testtest\"\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in IoT Hubs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Internet of Things\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Devices/IotHubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healty\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cheggert: Append VMSS extension\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/virtualMachineProfile\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*].type\",\r\n \"notEquals\": \"GenevaMonitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*]\",\r\n \"value\": {\r\n \"name\": \"Microsoft.Azure.Geneva.GenevaMonitoring\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Geneva\",\r\n \"type\": \"GenevaMonitoring\",\r\n \"typeHandlerVersion\": \"1.8\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/01b105ed-6ded-4a1d-894c-df85fd9351cb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"01b105ed-6ded-4a1d-894c-df85fd9351cb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage_httpsTrafficOnly\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"023217dd-81bb-461f-93ea-8799caac50c7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"This shouldn't work\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This customer's policy is attempting to append multiple tags at once. I expect it will just append one tag with a really long name\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"value\": [\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04183864-11ae-4e7a-aadb-c600e40ed1b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04183864-11ae-4e7a-aadb-c600e40ed1b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Inherit named tag from resource group\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Applies the tag value from the resource group if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[resourcegroup().tags[parameters('tagName')]]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04904947-4d10-4454-9a50-f423d590e11b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04904947-4d10-4454-9a50-f423d590e11b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : AuditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddd96d8-fccd-40cb-81d2-5072a4ed061c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddd96d8-fccd-40cb-81d2-5072a4ed061c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robga-nsgtemplate-test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddfee46-9b63-4313-a529-cfbf968d8118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddfee46-9b63-4313-a529-cfbf968d8118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akif incident - 85944710\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 85944710\\nhttps://icm.ad.msft.net/imp/v3/incidents/details/85944710/home\\n\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af12870bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af12870bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"second attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af1287abe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af1287abe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"chegg: Deploy azsecpack autoupgrade (VMSS)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*].name\",\r\n \"notEquals\": \"Microsoft.Azure.Geneva.GenevaMonitoring\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"Microsoft.Azure.Geneva.GenevaMonitoring\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"GenevaMonitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Geneva\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/enableAutomaticUpgrade\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-10-01\",\r\n \"name\": \"[concat(parameters('vmssName'), '/Microsoft.Azure.Geneva.GenevaMonitoring')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"enableAutomaticUpgrade\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ec05dac-e529-48ef-8c20-f7e6af99a12b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ec05dac-e529-48ef-8c20-f7e6af99a12b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/123c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"123c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim nsg repro\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"fix\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/14ac45e9-df97-455d-b6ee-dd216f15f694\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"14ac45e9-df97-455d-b6ee-dd216f15f694\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim-incident-86226837-fix\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"1 - reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"15358dd8-671e-4c96-be33-2b668791418f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Attempt service bus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logProfiles\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/serviceBusRuleId\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/163c640e-681c-445f-92ba-cd434bd8c11c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"163c640e-681c-445f-92ba-cd434bd8c11c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.zyx\",\r\n \"exists\": \"false\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/17d43473-870f-4bc8-93c6-3961fa1d91cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17d43473-870f-4bc8-93c6-3961fa1d91cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"peterhaugeaudit\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Testing resource group in IfNotExists (not the intent of the original policy, but looks like there's some weirdness here)\\n\\nChanged: Microsoft.Resources/subscriptions/resourceGroups to Microsoft.Resources/resourceGroups\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"name\": \"EnforceServicePrincipalAccessToDevTestLabsResourceGroups\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/19153189-4506-4910-b7bc-756e0188a6f2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"19153189-4506-4910-b7bc-756e0188a6f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit all tags\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"tags\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags\",\r\n \"value\": \"[resourceGroup().tags]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1e3c9312-c011-40a3-ac40-3bf3ddc24120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e3c9312-c011-40a3-ac40-3bf3ddc24120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource group locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Allowed resource group locations\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f20036f-28c3-48f3-9266-05d50fe391f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f20036f-28c3-48f3-9266-05d50fe391f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"docdb_aliases_test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f5360b7-fe59-43f7-8af5-825df420d09c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f5360b7-fe59-43f7-8af5-825df420d09c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ovewrites security rules with IP restrictions at the securityRule level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Limit to one protocol. The most inclusive should come last. I.e. 22;22-22;22-23\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"priority\": {\r\n \"type\": \"int\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[parameters('fullRuleName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-02-01\",\r\n \"properties\": {\r\n \"protocol\": \"*\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[last(parameters('destinationPortRanges'))]\",\r\n \"access\": \"Allow\",\r\n \"direction\": \"Inbound\",\r\n \"priority\": \"[parameters('priority')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[field('Microsoft.Network/networksecurityGroups/securityRules/priority')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"20c4afd0-8a77-4433-b8b0-4ad06e4c7111\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy NSGs on Subnets\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforce that all subnets have a Network Security Group. If a subnet does not have one an NSG with the default Internet Exposed Endpoint restrictions will be created and associated with it.\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string to apply to all automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges must not overlap.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"notEquals\": \"null\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgPrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"nsgName\": \"[concat(parameters('nsgPrefix'), '-', parameters('location'))]\",\r\n \"vnetName\": \"[split(parameters('fullResourceName'), '/')[0]]\",\r\n \"vnetResourceId\": \"[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]\",\r\n \"getVnetDeploymentName\": \"[concat('getVnet-', variables('vnetName'))]\",\r\n \"collectSubnetsDeploymentName\": \"[concat('collectSubnets-', variables('vnetName'))]\",\r\n \"overwriteVnetDeploymentName\": \"[concat('overwriteVnet-', variables('vnetName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vnetProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('vnetResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[variables('nsgName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"securityRules\": [\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Restrict\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from specific IP ranges (either corpnet or SAW)\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3997,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_AllowVnet\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from within the VNET\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"VirtualNetwork\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3998,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Deny\",\r\n \"properties\": {\r\n \"description\": \"Deny any controlled port connections that aren't explicitly allowed in higher priority rules\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 3999,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_AllowAll\",\r\n \"properties\": {\r\n \"description\": \"Allow all inbound traffic that isn't explicitly blocked by Port Lockdown restrictions\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 4000,\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectSubnetsDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_collectSubnets_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"nsgResourceId\": {\r\n \"value\": \"[resourceid('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"dependsOn\": [\r\n \"[variables('nsgName')]\"\r\n ],\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_overwriteVnet_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"updatedSubnets\": {\r\n \"value\": \"[reference(variables('collectSubnetsDeploymentName')).outputs.updatedSubnets.value]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"nsgPrefix\": {\r\n \"value\": \"[parameters('nsgPrefix')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"210ed8bd-6b07-4d5e-a62c-c34f07293288\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit all Microsoft.Web/sites/config/authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/211a466d-b2be-46e8-b029-8c28f566f118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"211a466d-b2be-46e8-b029-8c28f566f118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of a tag2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits that a required tag is present on resources\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"notcontainsKey\": \"[parameters('tagName')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24813039-7534-408a-9842-eb99f45721b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append single location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.locationTest\",\r\n \"value\": \"[parameters('allowedLocation')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin oms vm linux parameterized effect\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"263f13f4-6b88-4788-bead-34beedde70ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere strange alias in field function\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"Tags['asdasd']\",\r\n \"equals\": \"[concat('whatever', 'a')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/26556185-593c-4866-9c0c-114ac0bf6120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26556185-593c-4866-9c0c-114ac0bf6120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test guest assignment\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/28e54a72-2fd7-40d3-afe2-b05423e0147a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"28e54a72-2fd7-40d3-afe2-b05423e0147a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"2nd attempt on this policy. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"notIn\": \"[parameters('allowedLocations')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd60841400\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd60841400\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-combined\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"the combined policy attempt for both cosmos db cases. \",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"locationNames\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd6084180f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd6084180f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage ip rules append 2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.ipRules\",\r\n \"value\": [\r\n {\r\n \"value\": \"8.8.8.8\",\r\n \"action\": \"Allow\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/2b2317a7-ab02-47b5-8159-eb7e6227709f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2b2317a7-ab02-47b5-8159-eb7e6227709f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[demo] Enforce KeyVault diagnostic log storage\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"[tolower(concat('cheggkv', parameters('location')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('cheggremdemo', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/332ce4ac-9200-4573-8c66-92b85fc82c8d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"332ce4ac-9200-4573-8c66-92b85fc82c8d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_enableAutomaticFailover\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/enableAutomaticFailover\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_defaultConsistencyLevel\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/consistencyPolicy.defaultConsistencyLevel\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0b7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_readLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_writeLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_failoverPolicies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd160\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c0df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c0df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL and Managed Instance TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c144\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c144\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services vaults test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"vault\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vault\",\r\n \"description\": \"The Recovery Services Vault.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n },\r\n \"vaults\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vaults\",\r\n \"description\": \"The list of Recovery Services Vaults.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('vault')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('vaults')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b2c1b0f-63c5-4943-8578-6d37fbe411bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b2c1b0f-63c5-4943-8578-6d37fbe411bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b788cf8-ff6f-4075-86a1-ab76270790e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b788cf8-ff6f-4075-86a1-ab76270790e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3cc5820a-cbb8-4977-9c90-d90ced95f12c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3cc5820a-cbb8-4977-9c90-d90ced95f12c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Name should have prefix and suffix\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Name should have prefix and suffix\",\r\n \"parameters\": {\r\n \"prefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The prefix\",\r\n \"description\": \"The name prefix\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"suffix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The suffix\",\r\n \"description\": \"The name suffix.\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('prefix'), '*', parameters('suffix'))]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e275e2e-a157-4ade-8f91-43b3ea370007\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e275e2e-a157-4ade-8f91-43b3ea370007\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Restrict VM skus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Restricts allowed VM skus to a predefined regex\",\r\n \"parameters\": {\r\n \"allowedSkuTemplate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed VM sku template\",\r\n \"description\": \"The VM sku template. Supports wildcards via '*'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"like\": \"[parameters('allowedSkuTemplate')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e34c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e34c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKU\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits the use of storage account SKUs that don't meet organizational cost policy.\",\r\n \"parameters\": {\r\n \"listOfAllowedSkus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of allowed SKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSkus')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e3682\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e3682\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaDataFactoryTest1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"RobgaDataFactoryTest\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataFactory/factories\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/robgatestworkspace/providers/Microsoft.OperationalInsights/workspaces/robgatestworkspace\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce autoUpgrade on VM/VMSS extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies any VM or VMSS extensions that do not have autoUpgradeMinorVersion set to true.\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f772\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f772\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically enabled autoUpgradeMinorVersion on VM extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f783\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f783\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM scale set extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically appends autoUpgradeMinorVersion=true to VMSS extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f7a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f7a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService must use serverFarm\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService serverFarm must have capacity > 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/serverFarms\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/serverFarms/sku.capacity\",\r\n \"in\": [\r\n \"0\",\r\n \"1\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc23\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc23\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Do_Not_Delete\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy is used for unit tests. Please do not delete it.\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4a0425e4-97bf-4ad0-ab36-145b94083c60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny MySQL firewallRules starting with 0\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4b94c320-ce63-4fb6-ba9d-7dbe648b90de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4b94c320-ce63-4fb6-ba9d-7dbe648b90de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83686598\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"deny the creation of storage if supportsHttpsTrafficOnly is false\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"detect 'allow All' NSG rule\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c915617-16f0-4c62-b021-e66d5409d11d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c915617-16f0-4c62-b021-e66d5409d11d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332195\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332199\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332199\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny storage container creation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts/blobServices/containers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4d2f8837-7acb-4488-b580-95960ee3f116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d2f8837-7acb-4488-b580-95960ee3f116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure auto-created NSG rules exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ensures that security rules created in auto-created PortLockdown NSGs are not tampered with\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string applied to automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to in the expected security rule. I.e. 192.4.0.0/8;192.5.0.0/8 or *\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions in the expected security rule\"\r\n }\r\n },\r\n \"priority\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected priority\",\r\n \"description\": \"The priority of the expected security rule.\"\r\n }\r\n },\r\n \"access\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected access\",\r\n \"description\": \"The access (allow/deny) of the expected security rule.\"\r\n },\r\n \"allowedValues\": [\r\n \"Allow\",\r\n \"Deny\"\r\n ]\r\n },\r\n \"name\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected name\",\r\n \"description\": \"The name of the expected security rule.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('nsgPrefix'), '-', field('location'))]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"equals\": \"[parameters('priority')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"[parameters('access')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"name\": {\r\n \"type\": \"string\"\r\n },\r\n \"priority\": {\r\n \"type\": \"string\"\r\n },\r\n \"access\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"isSinglePrefix\": \"[equals(count(parameters('sourceAddressPrefixes')), 1)]\",\r\n \"isSinglePortRange\": \"[equals(count(parameters('destinationPortRanges')), 1)]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('nsgName'), '/', parameters('name'))]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"properties\": {\r\n \"description\": \"Rule auto-created by Internet Exposed Endpoints protection\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[if(variables('isSinglePortRange'), first(parameters('destinationPortRanges')), '')]\",\r\n \"destinationPortRanges\": \"[if(not(variables('isSinglePortRange')), parameters('destinationPortRanges'), json('[]'))]\",\r\n \"sourceAddressPrefix\": \"[if(variables('isSinglePrefix'), first(parameters('sourceAddressPrefixes')), '')]\",\r\n \"sourceAddressPrefixes\": \"[if(not(variables('isSinglePrefix')), parameters('sourceAddressPrefixes'), json('[]'))]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"[parameters('access')]\",\r\n \"priority\": \"[int(parameters('priority'))]\",\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"name\": {\r\n \"value\": \"[parameters('name')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[parameters('priority')]\"\r\n },\r\n \"access\": {\r\n \"value\": \"[parameters('access')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f283ec4-25a9-46df-bbf2-806ed5a3e115\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rs defaultvalue backslash\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Extensions to Exclude\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \".FWD;.GSC;.GSE;.MYD;.MYI;.SMD;.VAC;.BAK;.CHK;.FRM;.LDF;.LOG;.MBX;.MDF;.NDF;.TRN;.UND;.UNF;.UNH;.UNI;.UNQ;.UNS;.VHD;.VMDX;.WCI;.EDB;.SDS\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Paths to Exclude\",\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Sysvol;C:\\\\ProgramData\\\\Microsoft\\\\SharePoint;C:\\\\Program Files\\\\Common Files\\\\Microsoft Shared\\\\Web Server Extensions;C:\\\\Program Files\\\\Operations Manager;C:\\\\Program Files\\\\Microsoft Monitoring Agent;C:\\\\Program Files\\\\Microsoft Office Servers;C:\\\\Program Files\\\\Microsoft System Center 2012 R2\\\\Server;C:\\\\Program Files\\\\System Center Operations Manager;C:\\\\Program Files\\\\System Center Operations Manager 2007;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\NTDS;C:\\\\Windows\\\\System32\\\\LogFiles;C:\\\\Windows\\\\Sysvol;C:\\\\Program Files\\\\Double-Take Software;C:\\\\Program Files\\\\DoubleTake;C:\\\\Program Files\\\\Exchsrvr;C:\\\\Program Files\\\\Ipswitch;C:\\\\Program Files\\\\LogMeIn;C:\\\\Windows\\\\SoftwareDistribution\\\\Datastore;C:\\\\Windows\\\\Temp\\\\Gthrsvc\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Processes to Exclude\",\r\n \"description\": \"Semicolon delimited list of processes to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"HealthService.exe;ManagementService.exe;Microsoft.Mom.Sdk.Service.exe;Microsoft.Mom.ConfigServiceHost.exe;MonitoringHost.exe;pagefile.sys\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable real time protection\",\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Scheduled scans\",\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n },\r\n \"defaultValue\": \"false\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Scheduled Scan Type\",\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n },\r\n \"defaultValue\": \"Quick\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Day of Scheduled Scan\",\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n },\r\n \"defaultValue\": \"7\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Time of Scheduled Scan\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"120\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"value\": \"[parameters('ExclusionsExtensions')]\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"value\": \"[parameters('ExclusionsPaths')]\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"value\": \"[parameters('ExclusionsProcesses')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"[parameters('RealtimeProtectionEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsIsEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsDay')]\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsTime')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50877efd-8dd9-43d5-b4e6-3b70e64311b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50877efd-8dd9-43d5-b4e6-3b70e64311b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy key vault KV_B if key vault KV_A does not exist.\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy will deploy a key vault named KV_B if a key vault named KV_A does not exist.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"KV_B\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-10-01\",\r\n \"name\": \"KV_A\",\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"location\": \"eastus2\",\r\n \"properties\": {\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"sku\": {\r\n \"family\": \"A\",\r\n \"name\": \"standard\"\r\n },\r\n \"accessPolicies\": []\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50e2972e-143c-4edf-9ef6-bee0f84212d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaTestRbac\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Authorization/roleAssignments/principalId\",\r\n \"equals\": \"Admin\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/560482cd-dac5-41e6-9cef-b0aecd6020de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"560482cd-dac5-41e6-9cef-b0aecd6020de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : definition param with assignPermissions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/57ef268f-b414-436a-9894-125a81d80b30\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"57ef268f-b414-436a-9894-125a81d80b30\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhAuditLocation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit if not west us\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5948d091-78b7-4d3b-a404-cc6a0329b0c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5948d091-78b7-4d3b-a404-cc6a0329b0c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"deployifnotexist template alias tests - redis\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/Redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/sku.family\",\r\n \"equals\": \"C\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"Whatever*\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"type\": \"string\"\r\n },\r\n \"nameField\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuFamilyOut\": {\r\n \"value\": \"[parameters('skuFamily')]\",\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPortOut\": {\r\n \"value\": \"[parameters('enableNonSslPort')]\",\r\n \"type\": \"string\"\r\n },\r\n \"nameFieldOut\": {\r\n \"value\": \"[parameters('nameField')]\",\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/sku.family')]\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/enableNonSslPort')]\"\r\n },\r\n \"nameField\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"exists\": \" false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca376\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca376\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86318519\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86318519\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallrules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"AllowAllWindowsAzureIps\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca600\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca600\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"exists\": \"true\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"notIn\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca8d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca8d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Test storage alias\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Test storage alias\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"type\": \"string\"\r\n },\r\n \"encrypt\": {\r\n \"type\": \"string\"\r\n },\r\n \"accessTier\": {\r\n \"type\": \"string\"\r\n },\r\n \"skuName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuNameOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('skuName')]\"\r\n },\r\n \"accessTierOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('accessTier')]\"\r\n },\r\n \"httpsOnlyOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('httpsOnly')]\"\r\n },\r\n \"encryptOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('encrypt')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly')]\"\r\n },\r\n \"encrypt\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/enableBlobEncryption')]\"\r\n },\r\n \"accessTier\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/accessTier')]\"\r\n },\r\n \"skuName\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/sku.name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5fa69139-9a49-464e-90b5-0d243a469138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5fa69139-9a49-464e-90b5-0d243a469138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit costcenter tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"value\": \"[resourceGroup().tags.CostCenter]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6ced0d17-98f3-41e2-8038-08c8f4fb90e3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6ced0d17-98f3-41e2-8038-08c8f4fb90e3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim Apply allowed tag and its default value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"3\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n },\r\n \"allowedValues\": [\r\n \"TagA\",\r\n \"TagB\"\r\n ]\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6d1735de-f3e3-4c40-a8b2-7b3a1042a895\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6d1735de-f3e3-4c40-a8b2-7b3a1042a895\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": null\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"3\"\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"Metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The metric operator.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"The timeAggregation.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"The window size.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"The evaluation frequency.\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The action group id.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('alertNamePrefix'), '*')]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(toLower(parameters('alertNamePrefix')), uniqueString(resourceGroup().id))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6f2c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6f2c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testImageId\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"css\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"contains\": \"resourceGroups/testSandipsh\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/70dc1e8d-61c9-4089-8bf5-895b227c1298\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"70dc1e8d-61c9-4089-8bf5-895b227c1298\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"policyTrackedResources-sdk-tests\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"notIn\": [\r\n \"policyTrackedResources-sdk-tests-rule1\",\r\n \"policyTrackedResources-sdk-tests-rule2\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule1')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule2')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2001,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny if blob is not encrypted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/74d5cf40-7293-46a4-a285-7ea971e3719a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"74d5cf40-7293-46a4-a285-7ea971e3719a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Location restriction\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Policy to force allocations to a set of given locations\",\r\n \"metadata\": {\r\n \"category\": \"cstack\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/763dcd1d-a4a9-46a8-8bd3-357c4533a335\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"763dcd1d-a4a9-46a8-8bd3-357c4533a335\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83577342 deny proxy resource location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/83577342/home\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"eastus\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingjobs/transformations\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/77429b44-aac1-4417-a53e-6900c07e11ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"77429b44-aac1-4417-a53e-6900c07e11ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Block TLS < 1.2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/slots/config\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\r\n \"notEquals\": \"1.2\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/78c5df31-2f05-4f4d-acfe-3e536d88c1bc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"78c5df31-2f05-4f4d-acfe-3e536d88c1bc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny ActiveDirectory administrators\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/administrators/administratorType\",\r\n \"equals\": \"ActiveDirectory\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash weird chars\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR!@#$%^&*()_+=-{}[];:',.<>?~`/;C:\\\\hello\\\\there\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7f4d769f-78db-46eb-ac3c-0b8214f8c245\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f4d769f-78db-46eb-ac3c-0b8214f8c245\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock v2\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/83daa8ee-7c9a-470c-81a8-5a99ac09d134\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83daa8ee-7c9a-470c-81a8-5a99ac09d134\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"northwell.io\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/86cd412c-c557-473b-984c-a5f15cdcb116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86cd412c-c557-473b-984c-a5f15cdcb116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Parameterized effect (if location != eastus)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The policy effect.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"eastus\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"885f1dcb-a9c5-4c8c-8996-2702db44a2d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.xyz\",\r\n \"exists\": false\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8959fd87-c1dd-4831-9034-a4f876bee1cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8959fd87-c1dd-4831-9034-a4f876bee1cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Kubernetes ingress policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Only specified ingress is allowed based on names\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere applicability test 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/whatever\"\r\n },\r\n {\r\n \"field\": \"tags.applicability\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8e6b598c-1a45-404b-97dd-983e37c040da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8e6b598c-1a45-404b-97dd-983e37c040da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_ipRangeFilter\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9012b1cd-b045-46c6-a510-6137e06a009c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elperetest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"value\": \"[resourceGroup().tags['Hyphen-test']]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9389a21b-2134-414a-a579-e9f2709b2131\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9389a21b-2134-414a-a579-e9f2709b2131\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash (array)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": [\r\n \"C:\\\\rs-pkgs\",\r\n \"C:\\\\System Volume Information\\\\DFSR\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/985adbc0-6d2e-448a-ac26-89d3688191d5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"985adbc0-6d2e-448a-ac26-89d3688191d5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github209\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/virtualNetworkRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9a060c03-fda7-4b0a-b4da-15e2b7e4d117\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9a060c03-fda7-4b0a-b4da-15e2b7e4d117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - Subscription Lvl test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Subscriptionlevel auditIfNotExist policy\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a1b067c8-2970-4c0b-b0da-31ae7f33d1de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1b067c8-2970-4c0b-b0da-31ae7f33d1de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Noop\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Don't do anything\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a309ad64-0bae-48d9-a6b1-d99c0b4218b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a309ad64-0bae-48d9-a6b1-d99c0b4218b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyof\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a337c781-c7d8-4e12-ae69-1951c7e74378\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a337c781-c7d8-4e12-ae69-1951c7e74378\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127 - better\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\",\r\n \"Deny\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"81196380\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure https traffic only for storage account\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure https traffic only for storage account\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscription name tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"add subscription name tag\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionname\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionname\",\r\n \"value\": \"[subscription().displayName]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d82a2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d82a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Add subscription \\\"id\\\" tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.id\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.id\",\r\n \"value\": \"[subscription().id]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8339\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8339\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscriptionId tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionId\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionId\",\r\n \"value\": \"[subscription().subscriptionId]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8635\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8635\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaNSGtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/aeb6a524-e3d1-4b8a-afa8-26ae4e291116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aeb6a524-e3d1-4b8a-afa8-26ae4e291116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed Location Indexed\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"hackathon policy\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Allowed-Locations-Indexed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Allowed-Locations-Indexed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if antiMalware extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy audits if the anti malware extension .\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/antiMalwareExtensionExists\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"antiMalwareExtensionExists\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Web socket must be disabled on App Services\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures web sockets are disabled on App Services.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/AppServiceWebSockets\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"AppServiceWebSockets\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure Security Center must be enabled\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures Azure Security Center is enabled.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ASCEnabled\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ASCEnabled\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and it's value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and its value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits if a required extension doesn't exist.\",\r\n \"parameters\": {\r\n \"publisher\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The publisher of the extension\",\r\n \"displayName\": \"Extension Publisher\"\r\n }\r\n },\r\n \"type\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The type of the extension\",\r\n \"displayName\": \"Extension Type\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"[parameters('publisher')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"[parameters('type')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/audit-vm-extension\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"audit-vm-extension\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CanCrudPolicyAssignment Policy Definition $[Auto Test]\",\r\n \"policyType\": \"Custom\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"ResourceProviderTestHost/TestResourceType/TestResourceTypeNestedOne/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/azsmnet6487\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"azsmnet6487\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"89322663 audit diag setting\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"description\": \"The list of resources types to audit for missing diagnostic log settings.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"details\": {\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"equals\": \"true\",\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\"\r\n }\r\n ]\r\n },\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\"\r\n },\r\n \"effect\": \"AuditIfNotExists\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b350b9b0-8ba5-4867-bc9c-63b4544671b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b350b9b0-8ba5-4867-bc9c-63b4544671b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"makharchtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"policy\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b36f6195-0fc5-4a41-bbce-875248400f5f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b36f6195-0fc5-4a41-bbce-875248400f5f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash really long string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b9203c56-0565-434a-a315-87f4da9f21b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b9203c56-0565-434a-a315-87f4da9f21b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"NSG Rules exists test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].protocol\",\r\n \"notLike\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/bb6a78ae-8737-41e0-9c41-cc777c8c00a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bb6a78ae-8737-41e0-9c41-cc777c8c00a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"Category\": \"Flintstones\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/BedrockPolicy\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"BedrockPolicy\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c0f586f1-abe5-4801-8588-7332e49e60c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c0f586f1-abe5-4801-8588-7332e49e60c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"234\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logprofiles\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/logprofiles\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Doublecheck the lifecycle tag policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy refers to tags['Lifecycle'], which with the current implementation of the escaped tags syntax will refer to a tag named 'Lifecycle' (quotes and all). This is a customer policy that would be broken when I switch the meaning of tags['Lifecycle'] to refer simply to a tag named Lifecycle (no quotes)\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['Lifecycle']\",\r\n \"notIn\": [\r\n \"dev\",\r\n \"tst\",\r\n \"stg\",\r\n \"prd\",\r\n \"trn\",\r\n \"prf\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c6be98a9-8108-40aa-b726-d2ae8e2891b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c6be98a9-8108-40aa-b726-d2ae8e2891b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe resource group auditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c7b9982d-2f50-4730-935f-5c241982a441\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c7b9982d-2f50-4730-935f-5c241982a441\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed resource types\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": \"The list of allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('allowedTypes')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c872f951-1c5d-4c61-89dd-aee2350a11ba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8b79b49-a579-4045-984e-1b249ab8b474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8cedfaa-4aa0-465a-8b90-49caf8177158\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8cedfaa-4aa0-465a-8b90-49caf8177158\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere css block NSG changes\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/95894791/home\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"nsgName\",\r\n \"description\": \"The name of the NSG.\"\r\n },\r\n \"defaultValue\": \"nsgName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('nsgName')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"fullName\",\r\n \"like\": \"[concat(parameters('nsgName'), '/*')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ca01432d-4278-45a6-8137-69f2155d2248\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ca01432d-4278-45a6-8137-69f2155d2248\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin empty string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure resource names meet the like condition for a pattern.\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"namePattern\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"namePattern\",\r\n \"description\": \"Pattern to use for names. Can include wildcard (*).\"\r\n },\r\n \"allowedValues\": [\r\n \"\",\r\n \"one\",\r\n \"two\"\r\n ],\r\n \"defaultValue\": \"\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('namePattern')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"camarvin-test-empty-assign\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere append 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.test\",\r\n \"value\": \"1\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny on 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.test\",\r\n \"equals\": \"1\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Resource name contains resource group name\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Require resources to contain the resource group's name\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"notContains\": \"[resourceGroup().name]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/contain-resource-group-name\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"contain-resource-group-name\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v3\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"third attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5002\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-deployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5632\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5632\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce KeyVault diagnostic log storage (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"elperetest\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('elpere', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d0d9349d-843c-443a-9f27-5ce84f08c37e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d0d9349d-843c-443a-9f27-5ce84f08c37e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere template paramters function tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"testing strange array behavior\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"contains\": \"lmao\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"String\"\r\n },\r\n \"dataDisks\": {\r\n \"type\": \"object\"\r\n },\r\n \"osDisk\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmVar\": \"[parameters('vmName')]\",\r\n \"dataDisksVar\": \"[parameters('dataDisks')]\"\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vmNameOut\": {\r\n \"value\": \"[variables('vmVar')]\",\r\n \"type\": \"String\"\r\n },\r\n \"dataDisksOut\": {\r\n \"value\": \"[concat(array(parameters('osDisk')), if(empty(parameters('dataDisks').rawValue), parameters('dataDisks').emptyArray, array(parameters('dataDisks').rawValue)))]\",\r\n \"type\": \"array\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"dataDisks\": {\r\n \"value\": {\r\n \"rawValue\": \"[field('Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.id')]\",\r\n \"emptyArray\": []\r\n }\r\n },\r\n \"osDisk\": {\r\n \"value\": \"[field('Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.id')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d2532053-bf59-4095-a1ae-2b7e4744f119\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d2532053-bf59-4095-a1ae-2b7e4744f119\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Access KV as part of remidiation deployment test (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"hello\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"outputs\": {\r\n \"testSecretOutput\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('testSecret')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"reference\": {\r\n \"keyVault\": {\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/elpere/providers/Microsoft.KeyVault/vaults/elpereKv\"\r\n },\r\n \"secretName\": \"test\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d35ce9be-f51b-4d3e-bc7f-dde2936381b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d35ce9be-f51b-4d3e-bc7f-dde2936381b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - inv\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"inv \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"functionId\": \"subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourcegroups/AKif2WebApp/providers/Microsoft.Logic/workflows/deneme\",\r\n \"payload\": {\r\n \"locations\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d54722e7-4665-47ce-9a82-2f96cebfe238\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d54722e7-4665-47ce-9a82-2f96cebfe238\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - incident - gardner\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"name\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"text\": {\r\n \"type\": \"string\",\r\n \"value\": \"Policy executed for resource [parameters('name')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"name\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d54722e7-4665-47ce-9a82-2f96cebfe353\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d54722e7-4665-47ce-9a82-2f96cebfe353\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs (NSG level)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Overwrites security rules with IP restrictions at the NSG level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges may overlap.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"getNsgDeploymentName\": \"[concat('getNSGContent-', parameters('nsgName'))]\",\r\n \"collectorDeploymentName\": \"[concat('collectRules-', parameters('nsgName'))]\",\r\n \"overwriteNsgDeploymentName\": \"[concat('overwriteNsg-', parameters('nsgName'))]\",\r\n \"nsgResourceId\": \"[resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"nsgProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('nsgResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectorDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_collectRules_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"nsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"portRangesToRestrict\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_overwriteNSG_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"originalNsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"updatedSecurityRules\": {\r\n \"value\": \"[reference(variables('collectorDeploymentName')).outputs.updatedSecurityRules.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d7b13c30-e6aa-47e1-b50a-8e33f152d086\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7126\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e712b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7130\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7135\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e713a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Audited skus\",\r\n \"description\": \"The list of skus.\",\r\n \"strongType\": \"storageSkus\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e90ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e90ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List Of Allowed SKUs\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"vmSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e9170\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e9170\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[elpere] deployIfNotExists Runners test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"deployIfNotExistsTestsRule\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/deployIfNotExistsTestsRule')]\",\r\n \"properties\": {\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbfa9fc0-5202-4001-8759-1aa2387f825b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"allowedOS\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"test_sandipsh\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedWindows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Windows VMs\",\r\n \"description\": \"The list of allowed VMs for Windows.\"\r\n }\r\n },\r\n \"listOfAllowedUbuntus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Ubuntu VMs\",\r\n \"description\": \"The list of allowed VMs for Ubuntu.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/disks\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"Canonical\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"UbuntuServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedUbuntus')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedWindows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services backup policies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"policies\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policies\",\r\n \"description\": \"The list of allowed Recovery Services backup policies.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n },\r\n \"policy\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policy\",\r\n \"description\": \"Allowed Recovery Services backup policy.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('policies')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('policy')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e3f9a624-b17d-4dc8-9649-65814d3241bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3f9a624-b17d-4dc8-9649-65814d3241bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"authSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their logs config\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"logs\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny changing sites authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"defaultValue: all parameters\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"defaultValue\"\r\n },\r\n \"parameters\": {\r\n \"locations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array)\",\r\n \"description\": \"The list of locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": [\r\n \"eastus\",\r\n \"westus\"\r\n ]\r\n },\r\n \"location\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string)\",\r\n \"description\": \"The location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"resourceGroups\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array)\",\r\n \"description\": \"The list of resource groups.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": [\r\n \"camarvin\"\r\n ]\r\n },\r\n \"resourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string)\",\r\n \"description\": \"The resource group.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": \"camarvin\"\r\n },\r\n \"tags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array)\",\r\n \"description\": \"The list of tags.\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"tag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string)\",\r\n \"description\": \"The tag.\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array, av)\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": [\r\n \"eastus\"\r\n ]\r\n },\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string, av)\",\r\n \"description\": \"The allowed location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"allowedStorageSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array, av)\",\r\n \"description\": \"The list of allowed storage SKUs for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ]\r\n },\r\n \"allowedStorageSKU\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string, av)\",\r\n \"description\": \"The allowed storage SKU for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": \"Standard_LRS\"\r\n },\r\n \"allowedTags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array, av)\",\r\n \"description\": \"The list of allowed tags.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ]\r\n },\r\n \"allowedTag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string, av)\",\r\n \"description\": \"The allowed tag.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": \"FirstName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('locations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('resourceGroups')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('resourceGroup')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('tags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('tag')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedStorageSkus')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"Equals\": \"[parameters('allowedStorageSku')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedTags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"NotEquals\": \"[parameters('allowedTag')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ea1688b3-022e-4add-af39-2fe60689a3b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny \\\"Allow All\\\" NSG rules\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies the creation of sourceAddressPrefix=\\\"*\\\", destinationPortRange=\\\"*\\\" NSG security rules\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"PortLockdown_AllowAll\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"notEquals\": \"4000\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github264\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/siteAuthSettings.enabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ef00ee9d-fe45-4d14-8bee-789eea392116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef00ee9d-fe45-4d14-8bee-789eea392116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhTestTagWithHyphen5\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"GokmenhTestTagWithHyphen5\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"value\": \"[resourceGroup().tags['Hyphen-test']]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/f2320be5-23be-4b58-8d8e-08c3044dd60f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f2320be5-23be-4b58-8d8e-08c3044dd60f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy enables you to audit your location.\",\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/LocationAuditDefinition\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"LocationAuditDefinition\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"northeurope\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/policy2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"policy2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps6386\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps6386\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9652\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9652\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9867\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9867\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test policy\",\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testSandipsh.draft\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testSandipsh.draft\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testtest\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"testtest\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testtest\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testtest\"\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { @@ -348,16 +348,16 @@ "Accept-Encoding" ], "x-ms-ratelimit-remaining-subscription-reads": [ - "11993" + "11999" ], "x-ms-request-id": [ - "westus2:68f5f672-86bb-4956-bf58-98a7a70b3aec" + "westus2:2725a469-cfb1-4f88-a77d-269fe4e328b7" ], "x-ms-correlation-request-id": [ - "7a185c8d-8483-4e77-bd22-fdf2de28cbe0" + "0d7a4562-faa9-4abe-8b97-76f26f8ad3f6" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T214206Z:7a185c8d-8483-4e77-bd22-fdf2de28cbe0" + "WESTUS2:20190116T193735Z:0d7a4562-faa9-4abe-8b97-76f26f8ad3f6" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -366,10 +366,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:42:06 GMT" + "Wed, 16 Jan 2019 19:37:34 GMT" ], "Content-Length": [ - "439489" + "487308" ], "Content-Type": [ "application/json; charset=utf-8" @@ -381,7 +381,7 @@ "0" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage_httpsTrafficOnly\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"023217dd-81bb-461f-93ea-8799caac50c7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"This shouldn't work\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This customer's policy is attempting to append multiple tags at once. I expect it will just append one tag with a really long name\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"value\": [\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04183864-11ae-4e7a-aadb-c600e40ed1b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04183864-11ae-4e7a-aadb-c600e40ed1b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Inherit named tag from resource group\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Applies the tag value from the resource group if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[resourcegroup().tags[parameters('tagName')]]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04904947-4d10-4454-9a50-f423d590e11b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04904947-4d10-4454-9a50-f423d590e11b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robga-nsgtemplate-test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddfee46-9b63-4313-a529-cfbf968d8118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddfee46-9b63-4313-a529-cfbf968d8118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akif incident - 85944710\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 85944710\\nhttps://icm.ad.msft.net/imp/v3/incidents/details/85944710/home\\n\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af12870bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af12870bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"second attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af1287abe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af1287abe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/123c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"123c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim nsg repro\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"fix\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/14ac45e9-df97-455d-b6ee-dd216f15f694\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"14ac45e9-df97-455d-b6ee-dd216f15f694\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim-incident-86226837-fix\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"1 - reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"15358dd8-671e-4c96-be33-2b668791418f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Attempt service bus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logProfiles\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/serviceBusRuleId\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/163c640e-681c-445f-92ba-cd434bd8c11c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"163c640e-681c-445f-92ba-cd434bd8c11c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.zyx\",\r\n \"exists\": \"false\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/17d43473-870f-4bc8-93c6-3961fa1d91cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17d43473-870f-4bc8-93c6-3961fa1d91cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit all tags\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"tags\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags\",\r\n \"value\": \"[resourceGroup().tags]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1e3c9312-c011-40a3-ac40-3bf3ddc24120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e3c9312-c011-40a3-ac40-3bf3ddc24120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource group locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Allowed resource group locations\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f20036f-28c3-48f3-9266-05d50fe391f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f20036f-28c3-48f3-9266-05d50fe391f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"docdb_aliases_test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f5360b7-fe59-43f7-8af5-825df420d09c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f5360b7-fe59-43f7-8af5-825df420d09c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ovewrites security rules with IP restrictions at the securityRule level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Limit to one protocol. The most inclusive should come last. I.e. 22;22-22;22-23\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"priority\": {\r\n \"type\": \"int\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[parameters('fullRuleName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-02-01\",\r\n \"properties\": {\r\n \"protocol\": \"*\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[last(parameters('destinationPortRanges'))]\",\r\n \"access\": \"Allow\",\r\n \"direction\": \"Inbound\",\r\n \"priority\": \"[parameters('priority')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[field('Microsoft.Network/networksecurityGroups/securityRules/priority')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"20c4afd0-8a77-4433-b8b0-4ad06e4c7111\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy NSGs on Subnets\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforce that all subnets have a Network Security Group. If a subnet does not have one an NSG with the default Internet Exposed Endpoint restrictions will be created and associated with it.\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string to apply to all automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges must not overlap.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"notEquals\": \"null\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgPrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"nsgName\": \"[concat(parameters('nsgPrefix'), '-', parameters('location'))]\",\r\n \"vnetName\": \"[split(parameters('fullResourceName'), '/')[0]]\",\r\n \"vnetResourceId\": \"[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]\",\r\n \"getVnetDeploymentName\": \"[concat('getVnet-', variables('vnetName'))]\",\r\n \"collectSubnetsDeploymentName\": \"[concat('collectSubnets-', variables('vnetName'))]\",\r\n \"overwriteVnetDeploymentName\": \"[concat('overwriteVnet-', variables('vnetName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vnetProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('vnetResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[variables('nsgName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"securityRules\": [\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Restrict\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from specific IP ranges (either corpnet or SAW)\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3997,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_AllowVnet\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from within the VNET\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"VirtualNetwork\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3998,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Deny\",\r\n \"properties\": {\r\n \"description\": \"Deny any controlled port connections that aren't explicitly allowed in higher priority rules\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 3999,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_AllowAll\",\r\n \"properties\": {\r\n \"description\": \"Allow all inbound traffic that isn't explicitly blocked by Port Lockdown restrictions\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 4000,\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectSubnetsDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_collectSubnets_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"nsgResourceId\": {\r\n \"value\": \"[resourceid('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"dependsOn\": [\r\n \"[variables('nsgName')]\"\r\n ],\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_overwriteVnet_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"updatedSubnets\": {\r\n \"value\": \"[reference(variables('collectSubnetsDeploymentName')).outputs.updatedSubnets.value]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"nsgPrefix\": {\r\n \"value\": \"[parameters('nsgPrefix')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"210ed8bd-6b07-4d5e-a62c-c34f07293288\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit all Microsoft.Web/sites/config/authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/211a466d-b2be-46e8-b029-8c28f566f118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"211a466d-b2be-46e8-b029-8c28f566f118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of a tag2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits that a required tag is present on resources\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"notcontainsKey\": \"[parameters('tagName')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24813039-7534-408a-9842-eb99f45721b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append single location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.locationTest\",\r\n \"value\": \"[parameters('allowedLocation')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin oms vm linux parameterized effect\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"263f13f4-6b88-4788-bead-34beedde70ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test guest assignment\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/28e54a72-2fd7-40d3-afe2-b05423e0147a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"28e54a72-2fd7-40d3-afe2-b05423e0147a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"2nd attempt on this policy. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"notIn\": \"[parameters('allowedLocations')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd60841400\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd60841400\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-combined\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"the combined policy attempt for both cosmos db cases. \",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"locationNames\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd6084180f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd6084180f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage ip rules append 2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.ipRules\",\r\n \"value\": [\r\n {\r\n \"value\": \"8.8.8.8\",\r\n \"action\": \"Allow\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/2b2317a7-ab02-47b5-8159-eb7e6227709f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2b2317a7-ab02-47b5-8159-eb7e6227709f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[demo] Enforce KeyVault diagnostic log storage\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"[tolower(concat('cheggkv', parameters('location')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('cheggremdemo', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/332ce4ac-9200-4573-8c66-92b85fc82c8d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"332ce4ac-9200-4573-8c66-92b85fc82c8d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_enableAutomaticFailover\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/enableAutomaticFailover\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_defaultConsistencyLevel\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/consistencyPolicy.defaultConsistencyLevel\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0b7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_readLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_writeLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_failoverPolicies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd160\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c0df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c0df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL and Managed Instance TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c144\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c144\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services vaults test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"vault\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vault\",\r\n \"description\": \"The Recovery Services Vault.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n },\r\n \"vaults\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vaults\",\r\n \"description\": \"The list of Recovery Services Vaults.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('vault')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('vaults')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b2c1b0f-63c5-4943-8578-6d37fbe411bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b2c1b0f-63c5-4943-8578-6d37fbe411bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b788cf8-ff6f-4075-86a1-ab76270790e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b788cf8-ff6f-4075-86a1-ab76270790e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3cc5820a-cbb8-4977-9c90-d90ced95f12c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3cc5820a-cbb8-4977-9c90-d90ced95f12c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Name should have prefix and suffix\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Name should have prefix and suffix\",\r\n \"parameters\": {\r\n \"prefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The prefix\",\r\n \"description\": \"The name prefix\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"suffix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The suffix\",\r\n \"description\": \"The name suffix.\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('prefix'), '*', parameters('suffix'))]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e275e2e-a157-4ade-8f91-43b3ea370007\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e275e2e-a157-4ade-8f91-43b3ea370007\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Restrict VM skus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Restricts allowed VM skus to a predefined regex\",\r\n \"parameters\": {\r\n \"allowedSkuTemplate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed VM sku template\",\r\n \"description\": \"The VM sku template. Supports wildcards via '*'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"like\": \"[parameters('allowedSkuTemplate')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e34c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e34c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKU\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits the use of storage account SKUs that don't meet organizational cost policy.\",\r\n \"parameters\": {\r\n \"listOfAllowedSkus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of allowed SKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSkus')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e3682\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e3682\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaDataFactoryTest1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"RobgaDataFactoryTest\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataFactory/factories\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/robgatestworkspace/providers/Microsoft.OperationalInsights/workspaces/robgatestworkspace\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce autoUpgrade on VM/VMSS extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies any VM or VMSS extensions that do not have autoUpgradeMinorVersion set to true.\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f772\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f772\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically enabled autoUpgradeMinorVersion on VM extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f783\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f783\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM scale set extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically appends autoUpgradeMinorVersion=true to VMSS extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f7a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f7a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService must use serverFarm\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService serverFarm must have capacity > 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/serverFarms\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/serverFarms/sku.capacity\",\r\n \"in\": [\r\n \"0\",\r\n \"1\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc23\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc23\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Definition to be deleted.\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy will deploy a key vault named KV_B if a key vault named KV_A does not exist.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"KV_B\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-10-01\",\r\n \"name\": \"KV_A\",\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"location\": \"eastus2\",\r\n \"properties\": {\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"sku\": {\r\n \"family\": \"A\",\r\n \"name\": \"standard\"\r\n },\r\n \"accessPolicies\": []\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/48ba81c1-0012-4796-8166-c2efb4304190\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48ba81c1-0012-4796-8166-c2efb4304190\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Do_Not_Delete\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy is used for unit tests. Please do not delete it.\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4a0425e4-97bf-4ad0-ab36-145b94083c60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny MySQL firewallRules starting with 0\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4b94c320-ce63-4fb6-ba9d-7dbe648b90de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4b94c320-ce63-4fb6-ba9d-7dbe648b90de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83686598\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"deny the creation of storage if supportsHttpsTrafficOnly is false\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"detect 'allow All' NSG rule\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c915617-16f0-4c62-b021-e66d5409d11d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c915617-16f0-4c62-b021-e66d5409d11d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332195\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332199\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332199\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny storage container creation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts/blobServices/containers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4d2f8837-7acb-4488-b580-95960ee3f116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d2f8837-7acb-4488-b580-95960ee3f116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure auto-created NSG rules exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ensures that security rules created in auto-created PortLockdown NSGs are not tampered with\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string applied to automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to in the expected security rule. I.e. 192.4.0.0/8;192.5.0.0/8 or *\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions in the expected security rule\"\r\n }\r\n },\r\n \"priority\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected priority\",\r\n \"description\": \"The priority of the expected security rule.\"\r\n }\r\n },\r\n \"access\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected access\",\r\n \"description\": \"The access (allow/deny) of the expected security rule.\"\r\n },\r\n \"allowedValues\": [\r\n \"Allow\",\r\n \"Deny\"\r\n ]\r\n },\r\n \"name\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected name\",\r\n \"description\": \"The name of the expected security rule.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('nsgPrefix'), '-', field('location'))]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"equals\": \"[parameters('priority')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"[parameters('access')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"name\": {\r\n \"type\": \"string\"\r\n },\r\n \"priority\": {\r\n \"type\": \"string\"\r\n },\r\n \"access\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"isSinglePrefix\": \"[equals(count(parameters('sourceAddressPrefixes')), 1)]\",\r\n \"isSinglePortRange\": \"[equals(count(parameters('destinationPortRanges')), 1)]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('nsgName'), '/', parameters('name'))]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"properties\": {\r\n \"description\": \"Rule auto-created by Internet Exposed Endpoints protection\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[if(variables('isSinglePortRange'), first(parameters('destinationPortRanges')), '')]\",\r\n \"destinationPortRanges\": \"[if(not(variables('isSinglePortRange')), parameters('destinationPortRanges'), json('[]'))]\",\r\n \"sourceAddressPrefix\": \"[if(variables('isSinglePrefix'), first(parameters('sourceAddressPrefixes')), '')]\",\r\n \"sourceAddressPrefixes\": \"[if(not(variables('isSinglePrefix')), parameters('sourceAddressPrefixes'), json('[]'))]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"[parameters('access')]\",\r\n \"priority\": \"[int(parameters('priority'))]\",\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"name\": {\r\n \"value\": \"[parameters('name')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[parameters('priority')]\"\r\n },\r\n \"access\": {\r\n \"value\": \"[parameters('access')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f283ec4-25a9-46df-bbf2-806ed5a3e115\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rs defaultvalue backslash\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Extensions to Exclude\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \".FWD;.GSC;.GSE;.MYD;.MYI;.SMD;.VAC;.BAK;.CHK;.FRM;.LDF;.LOG;.MBX;.MDF;.NDF;.TRN;.UND;.UNF;.UNH;.UNI;.UNQ;.UNS;.VHD;.VMDX;.WCI;.EDB;.SDS\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Paths to Exclude\",\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Sysvol;C:\\\\ProgramData\\\\Microsoft\\\\SharePoint;C:\\\\Program Files\\\\Common Files\\\\Microsoft Shared\\\\Web Server Extensions;C:\\\\Program Files\\\\Operations Manager;C:\\\\Program Files\\\\Microsoft Monitoring Agent;C:\\\\Program Files\\\\Microsoft Office Servers;C:\\\\Program Files\\\\Microsoft System Center 2012 R2\\\\Server;C:\\\\Program Files\\\\System Center Operations Manager;C:\\\\Program Files\\\\System Center Operations Manager 2007;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\NTDS;C:\\\\Windows\\\\System32\\\\LogFiles;C:\\\\Windows\\\\Sysvol;C:\\\\Program Files\\\\Double-Take Software;C:\\\\Program Files\\\\DoubleTake;C:\\\\Program Files\\\\Exchsrvr;C:\\\\Program Files\\\\Ipswitch;C:\\\\Program Files\\\\LogMeIn;C:\\\\Windows\\\\SoftwareDistribution\\\\Datastore;C:\\\\Windows\\\\Temp\\\\Gthrsvc\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Processes to Exclude\",\r\n \"description\": \"Semicolon delimited list of processes to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"HealthService.exe;ManagementService.exe;Microsoft.Mom.Sdk.Service.exe;Microsoft.Mom.ConfigServiceHost.exe;MonitoringHost.exe;pagefile.sys\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable real time protection\",\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Scheduled scans\",\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n },\r\n \"defaultValue\": \"false\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Scheduled Scan Type\",\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n },\r\n \"defaultValue\": \"Quick\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Day of Scheduled Scan\",\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n },\r\n \"defaultValue\": \"7\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Time of Scheduled Scan\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"120\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"value\": \"[parameters('ExclusionsExtensions')]\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"value\": \"[parameters('ExclusionsPaths')]\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"value\": \"[parameters('ExclusionsProcesses')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"[parameters('RealtimeProtectionEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsIsEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsDay')]\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsTime')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50877efd-8dd9-43d5-b4e6-3b70e64311b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50877efd-8dd9-43d5-b4e6-3b70e64311b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy key vault KV_B if key vault KV_A does not exist.\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy will deploy a key vault named KV_B if a key vault named KV_A does not exist.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"KV_B\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-10-01\",\r\n \"name\": \"KV_A\",\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"location\": \"eastus2\",\r\n \"properties\": {\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"sku\": {\r\n \"family\": \"A\",\r\n \"name\": \"standard\"\r\n },\r\n \"accessPolicies\": []\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50e2972e-143c-4edf-9ef6-bee0f84212d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaTestRbac\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Authorization/roleAssignments/principalId\",\r\n \"equals\": \"Admin\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/560482cd-dac5-41e6-9cef-b0aecd6020de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"560482cd-dac5-41e6-9cef-b0aecd6020de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhAuditLocation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit if not west us\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5948d091-78b7-4d3b-a404-cc6a0329b0c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5948d091-78b7-4d3b-a404-cc6a0329b0c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"deployifnotexist template alias tests - redis\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/Redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/sku.family\",\r\n \"equals\": \"C\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"Whatever*\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"type\": \"string\"\r\n },\r\n \"nameField\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuFamilyOut\": {\r\n \"value\": \"[parameters('skuFamily')]\",\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPortOut\": {\r\n \"value\": \"[parameters('enableNonSslPort')]\",\r\n \"type\": \"string\"\r\n },\r\n \"nameFieldOut\": {\r\n \"value\": \"[parameters('nameField')]\",\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/sku.family')]\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/enableNonSslPort')]\"\r\n },\r\n \"nameField\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"exists\": \" false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca376\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca376\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86318519\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86318519\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallrules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"AllowAllWindowsAzureIps\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca600\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca600\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"exists\": \"true\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"notIn\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca8d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca8d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Test storage alias\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Test storage alias\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"type\": \"string\"\r\n },\r\n \"encrypt\": {\r\n \"type\": \"string\"\r\n },\r\n \"accessTier\": {\r\n \"type\": \"string\"\r\n },\r\n \"skuName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuNameOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('skuName')]\"\r\n },\r\n \"accessTierOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('accessTier')]\"\r\n },\r\n \"httpsOnlyOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('httpsOnly')]\"\r\n },\r\n \"encryptOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('encrypt')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly')]\"\r\n },\r\n \"encrypt\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/enableBlobEncryption')]\"\r\n },\r\n \"accessTier\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/accessTier')]\"\r\n },\r\n \"skuName\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/sku.name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5fa69139-9a49-464e-90b5-0d243a469138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5fa69139-9a49-464e-90b5-0d243a469138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit costcenter tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"value\": \"[resourceGroup().tags.CostCenter]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6ced0d17-98f3-41e2-8038-08c8f4fb90e3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6ced0d17-98f3-41e2-8038-08c8f4fb90e3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim Apply allowed tag and its default value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"3\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n },\r\n \"allowedValues\": [\r\n \"TagA\",\r\n \"TagB\"\r\n ]\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6d1735de-f3e3-4c40-a8b2-7b3a1042a895\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6d1735de-f3e3-4c40-a8b2-7b3a1042a895\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": null\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"3\"\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"Metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The metric operator.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"The timeAggregation.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"The window size.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"The evaluation frequency.\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The action group id.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('alertNamePrefix'), '*')]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(toLower(parameters('alertNamePrefix')), uniqueString(resourceGroup().id))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6f2c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6f2c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testImageId\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"css\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"contains\": \"resourceGroups/testSandipsh\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/70dc1e8d-61c9-4089-8bf5-895b227c1298\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"70dc1e8d-61c9-4089-8bf5-895b227c1298\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"policyTrackedResources-sdk-tests\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"notIn\": [\r\n \"policyTrackedResources-sdk-tests-rule1\",\r\n \"policyTrackedResources-sdk-tests-rule2\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule1')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule2')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2001,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny if blob is not encrypted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/74d5cf40-7293-46a4-a285-7ea971e3719a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"74d5cf40-7293-46a4-a285-7ea971e3719a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Location restriction\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Policy to force allocations to a set of given locations\",\r\n \"metadata\": {\r\n \"category\": \"cstack\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/763dcd1d-a4a9-46a8-8bd3-357c4533a335\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"763dcd1d-a4a9-46a8-8bd3-357c4533a335\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"chegg deploy VMSS extension\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"GenevaMonitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Geneva\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-01\",\r\n \"name\": \"[concat(parameters('vmssName'), '/', 'genevaExtension2')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Geneva\",\r\n \"type\": \"GenevaMonitoring\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {}\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/767d74dd-8fe3-4ef2-a38a-52164f9230da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"767d74dd-8fe3-4ef2-a38a-52164f9230da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83577342 deny proxy resource location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/83577342/home\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"eastus\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingjobs/transformations\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/77429b44-aac1-4417-a53e-6900c07e11ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"77429b44-aac1-4417-a53e-6900c07e11ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Block TLS < 1.2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/slots/config\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\r\n \"notEquals\": \"1.2\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/78c5df31-2f05-4f4d-acfe-3e536d88c1bc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"78c5df31-2f05-4f4d-acfe-3e536d88c1bc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny ActiveDirectory administrators\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/administrators/administratorType\",\r\n \"equals\": \"ActiveDirectory\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash weird chars\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR!@#$%^&*()_+=-{}[];:',.<>?~`/;C:\\\\hello\\\\there\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7f4d769f-78db-46eb-ac3c-0b8214f8c245\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f4d769f-78db-46eb-ac3c-0b8214f8c245\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock v2\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/83daa8ee-7c9a-470c-81a8-5a99ac09d134\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83daa8ee-7c9a-470c-81a8-5a99ac09d134\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"northwell.io\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/86cd412c-c557-473b-984c-a5f15cdcb116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86cd412c-c557-473b-984c-a5f15cdcb116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Parameterized effect (if location != eastus)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The policy effect.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"eastus\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"885f1dcb-a9c5-4c8c-8996-2702db44a2d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.xyz\",\r\n \"exists\": false\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8959fd87-c1dd-4831-9034-a4f876bee1cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8959fd87-c1dd-4831-9034-a4f876bee1cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Kubernetes ingress policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Only specified ingress is allowed based on names\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere applicability test 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/whatever\"\r\n },\r\n {\r\n \"field\": \"tags.applicability\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8e6b598c-1a45-404b-97dd-983e37c040da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8e6b598c-1a45-404b-97dd-983e37c040da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_ipRangeFilter\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9012b1cd-b045-46c6-a510-6137e06a009c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash (array)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": [\r\n \"C:\\\\rs-pkgs\",\r\n \"C:\\\\System Volume Information\\\\DFSR\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/985adbc0-6d2e-448a-ac26-89d3688191d5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"985adbc0-6d2e-448a-ac26-89d3688191d5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github209\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/virtualNetworkRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9a060c03-fda7-4b0a-b4da-15e2b7e4d117\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9a060c03-fda7-4b0a-b4da-15e2b7e4d117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - Subscription Lvl test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Subscriptionlevel auditIfNotExist policy\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a1b067c8-2970-4c0b-b0da-31ae7f33d1de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1b067c8-2970-4c0b-b0da-31ae7f33d1de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Noop\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Don't do anything\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a309ad64-0bae-48d9-a6b1-d99c0b4218b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a309ad64-0bae-48d9-a6b1-d99c0b4218b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyof\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a337c781-c7d8-4e12-ae69-1951c7e74378\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a337c781-c7d8-4e12-ae69-1951c7e74378\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127 - better\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\",\r\n \"Deny\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"81196380\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure https traffic only for storage account\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure https traffic only for storage account\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscription name tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"add subscription name tag\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionname\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionname\",\r\n \"value\": \"[subscription().displayName]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d82a2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d82a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Add subscription \\\"id\\\" tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.id\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.id\",\r\n \"value\": \"[subscription().id]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8339\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8339\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscriptionId tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionId\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionId\",\r\n \"value\": \"[subscription().subscriptionId]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8635\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8635\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaNSGtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/aeb6a524-e3d1-4b8a-afa8-26ae4e291116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aeb6a524-e3d1-4b8a-afa8-26ae4e291116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed Location Indexed\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"hackathon policy\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Allowed-Locations-Indexed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Allowed-Locations-Indexed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if antiMalware extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy audits if the anti malware extension .\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/antiMalwareExtensionExists\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"antiMalwareExtensionExists\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Web socket must be disabled on App Services\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures web sockets are disabled on App Services.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/AppServiceWebSockets\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"AppServiceWebSockets\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure Security Center must be enabled\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures Azure Security Center is enabled.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ASCEnabled\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ASCEnabled\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and it's value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and its value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits if a required extension doesn't exist.\",\r\n \"parameters\": {\r\n \"publisher\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The publisher of the extension\",\r\n \"displayName\": \"Extension Publisher\"\r\n }\r\n },\r\n \"type\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The type of the extension\",\r\n \"displayName\": \"Extension Type\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"[parameters('publisher')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"[parameters('type')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/audit-vm-extension\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"audit-vm-extension\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CanCrudPolicyAssignment Policy Definition $[Auto Test]\",\r\n \"policyType\": \"Custom\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"ResourceProviderTestHost/TestResourceType/TestResourceTypeNestedOne/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/azsmnet6487\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"azsmnet6487\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"89322663 audit diag setting\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"description\": \"The list of resources types to audit for missing diagnostic log settings.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"details\": {\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"equals\": \"true\",\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\"\r\n }\r\n ]\r\n },\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\"\r\n },\r\n \"effect\": \"AuditIfNotExists\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b350b9b0-8ba5-4867-bc9c-63b4544671b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b350b9b0-8ba5-4867-bc9c-63b4544671b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"makharchtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"policy\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b36f6195-0fc5-4a41-bbce-875248400f5f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b36f6195-0fc5-4a41-bbce-875248400f5f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash really long string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b9203c56-0565-434a-a315-87f4da9f21b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b9203c56-0565-434a-a315-87f4da9f21b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"NSG Rules exists test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].protocol\",\r\n \"notLike\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/bb6a78ae-8737-41e0-9c41-cc777c8c00a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bb6a78ae-8737-41e0-9c41-cc777c8c00a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c0f586f1-abe5-4801-8588-7332e49e60c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c0f586f1-abe5-4801-8588-7332e49e60c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"234\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logprofiles\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/logprofiles\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Doublecheck the lifecycle tag policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy refers to tags['Lifecycle'], which with the current implementation of the escaped tags syntax will refer to a tag named 'Lifecycle' (quotes and all). This is a customer policy that would be broken when I switch the meaning of tags['Lifecycle'] to refer simply to a tag named Lifecycle (no quotes)\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['Lifecycle']\",\r\n \"notIn\": [\r\n \"dev\",\r\n \"tst\",\r\n \"stg\",\r\n \"prd\",\r\n \"trn\",\r\n \"prf\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c6be98a9-8108-40aa-b726-d2ae8e2891b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c6be98a9-8108-40aa-b726-d2ae8e2891b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe resource group auditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c7b9982d-2f50-4730-935f-5c241982a441\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c7b9982d-2f50-4730-935f-5c241982a441\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed resource types\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": \"The list of allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('allowedTypes')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c872f951-1c5d-4c61-89dd-aee2350a11ba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8b79b49-a579-4045-984e-1b249ab8b474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8cedfaa-4aa0-465a-8b90-49caf8177158\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8cedfaa-4aa0-465a-8b90-49caf8177158\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere css block NSG changes\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/95894791/home\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"nsgName\",\r\n \"description\": \"The name of the NSG.\"\r\n },\r\n \"defaultValue\": \"nsgName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('nsgName')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"fullName\",\r\n \"like\": \"[concat(parameters('nsgName'), '/*')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ca01432d-4278-45a6-8137-69f2155d2248\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ca01432d-4278-45a6-8137-69f2155d2248\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin empty string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure resource names meet the like condition for a pattern.\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"namePattern\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"namePattern\",\r\n \"description\": \"Pattern to use for names. Can include wildcard (*).\"\r\n },\r\n \"allowedValues\": [\r\n \"\",\r\n \"one\",\r\n \"two\"\r\n ],\r\n \"defaultValue\": \"\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('namePattern')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"camarvin-test-empty-assign\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere append 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.test\",\r\n \"value\": \"1\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny on 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.test\",\r\n \"equals\": \"1\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Resource name contains resource group name\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Require resources to contain the resource group's name\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"notContains\": \"[resourceGroup().name]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/contain-resource-group-name\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"contain-resource-group-name\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v3\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"third attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5002\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-deployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5632\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5632\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce KeyVault diagnostic log storage (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"elperetest\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('elpere', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d0d9349d-843c-443a-9f27-5ce84f08c37e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d0d9349d-843c-443a-9f27-5ce84f08c37e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Access KV as part of remidiation deployment test (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"hello\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"outputs\": {\r\n \"testSecretOutput\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('testSecret')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"reference\": {\r\n \"keyVault\": {\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/elpere/providers/Microsoft.KeyVault/vaults/elpereKv\"\r\n },\r\n \"secretName\": \"test\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d35ce9be-f51b-4d3e-bc7f-dde2936381b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d35ce9be-f51b-4d3e-bc7f-dde2936381b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs (NSG level)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Overwrites security rules with IP restrictions at the NSG level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges may overlap.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"getNsgDeploymentName\": \"[concat('getNSGContent-', parameters('nsgName'))]\",\r\n \"collectorDeploymentName\": \"[concat('collectRules-', parameters('nsgName'))]\",\r\n \"overwriteNsgDeploymentName\": \"[concat('overwriteNsg-', parameters('nsgName'))]\",\r\n \"nsgResourceId\": \"[resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"nsgProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('nsgResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectorDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_collectRules_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"nsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"portRangesToRestrict\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_overwriteNSG_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"originalNsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"updatedSecurityRules\": {\r\n \"value\": \"[reference(variables('collectorDeploymentName')).outputs.updatedSecurityRules.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d7b13c30-e6aa-47e1-b50a-8e33f152d086\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Audited skus\",\r\n \"description\": \"The list of skus.\",\r\n \"strongType\": \"storageSkus\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e90ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e90ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List Of Allowed SKUs\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"vmSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e9170\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e9170\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[elpere] deployIfNotExists Runners test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"deployIfNotExistsTestsRule\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/deployIfNotExistsTestsRule')]\",\r\n \"properties\": {\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbfa9fc0-5202-4001-8759-1aa2387f825b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"allowedOS\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"test_sandipsh\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedWindows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Windows VMs\",\r\n \"description\": \"The list of allowed VMs for Windows.\"\r\n }\r\n },\r\n \"listOfAllowedUbuntus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Ubuntu VMs\",\r\n \"description\": \"The list of allowed VMs for Ubuntu.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/disks\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"Canonical\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"UbuntuServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedUbuntus')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedWindows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services backup policies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"policies\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policies\",\r\n \"description\": \"The list of allowed Recovery Services backup policies.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n },\r\n \"policy\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policy\",\r\n \"description\": \"Allowed Recovery Services backup policy.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('policies')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('policy')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e3f9a624-b17d-4dc8-9649-65814d3241bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3f9a624-b17d-4dc8-9649-65814d3241bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"authSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their logs config\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"logs\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny changing sites authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"defaultValue: all parameters\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"defaultValue\"\r\n },\r\n \"parameters\": {\r\n \"locations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array)\",\r\n \"description\": \"The list of locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": [\r\n \"eastus\",\r\n \"westus\"\r\n ]\r\n },\r\n \"location\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string)\",\r\n \"description\": \"The location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"resourceGroups\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array)\",\r\n \"description\": \"The list of resource groups.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": [\r\n \"camarvin\"\r\n ]\r\n },\r\n \"resourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string)\",\r\n \"description\": \"The resource group.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": \"camarvin\"\r\n },\r\n \"tags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array)\",\r\n \"description\": \"The list of tags.\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"tag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string)\",\r\n \"description\": \"The tag.\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array, av)\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": [\r\n \"eastus\"\r\n ]\r\n },\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string, av)\",\r\n \"description\": \"The allowed location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"allowedStorageSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array, av)\",\r\n \"description\": \"The list of allowed storage SKUs for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ]\r\n },\r\n \"allowedStorageSKU\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string, av)\",\r\n \"description\": \"The allowed storage SKU for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": \"Standard_LRS\"\r\n },\r\n \"allowedTags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array, av)\",\r\n \"description\": \"The list of allowed tags.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ]\r\n },\r\n \"allowedTag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string, av)\",\r\n \"description\": \"The allowed tag.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": \"FirstName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('locations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('resourceGroups')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('resourceGroup')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('tags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('tag')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedStorageSkus')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"Equals\": \"[parameters('allowedStorageSku')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedTags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"NotEquals\": \"[parameters('allowedTag')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ea1688b3-022e-4add-af39-2fe60689a3b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny \\\"Allow All\\\" NSG rules\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies the creation of sourceAddressPrefix=\\\"*\\\", destinationPortRange=\\\"*\\\" NSG security rules\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"PortLockdown_AllowAll\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"notEquals\": \"4000\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github264\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/siteAuthSettings.enabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ef00ee9d-fe45-4d14-8bee-789eea392116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef00ee9d-fe45-4d14-8bee-789eea392116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy enables you to audit your location.\",\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/LocationAuditDefinition\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"LocationAuditDefinition\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"northeurope\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/policy2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"policy2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps6386\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps6386\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps8886\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps8886\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9652\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9652\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test policy\",\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testSandipsh.draft\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testSandipsh.draft\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testtest\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"testtest\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testtest\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testtest\"\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in IoT Hubs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Internet of Things\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Devices/IotHubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healty\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cheggert: Append VMSS extension\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/virtualMachineProfile\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*].type\",\r\n \"notEquals\": \"GenevaMonitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*]\",\r\n \"value\": {\r\n \"name\": \"Microsoft.Azure.Geneva.GenevaMonitoring\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Geneva\",\r\n \"type\": \"GenevaMonitoring\",\r\n \"typeHandlerVersion\": \"1.8\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/01b105ed-6ded-4a1d-894c-df85fd9351cb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"01b105ed-6ded-4a1d-894c-df85fd9351cb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage_httpsTrafficOnly\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"023217dd-81bb-461f-93ea-8799caac50c7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"This shouldn't work\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This customer's policy is attempting to append multiple tags at once. I expect it will just append one tag with a really long name\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags['CostCenter','Department','ContactPerson','Environment','DataClassification']\",\r\n \"value\": [\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\",\r\n \"\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04183864-11ae-4e7a-aadb-c600e40ed1b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04183864-11ae-4e7a-aadb-c600e40ed1b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Inherit named tag from resource group\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Applies the tag value from the resource group if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[resourcegroup().tags[parameters('tagName')]]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/04904947-4d10-4454-9a50-f423d590e11b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04904947-4d10-4454-9a50-f423d590e11b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : AuditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddd96d8-fccd-40cb-81d2-5072a4ed061c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddd96d8-fccd-40cb-81d2-5072a4ed061c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robga-nsgtemplate-test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ddfee46-9b63-4313-a529-cfbf968d8118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ddfee46-9b63-4313-a529-cfbf968d8118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akif incident - 85944710\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 85944710\\nhttps://icm.ad.msft.net/imp/v3/incidents/details/85944710/home\\n\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af12870bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af12870bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"second attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af1287abe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e0d567a-6089-46fc-b12c-ca5af1287abe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"chegg: Deploy azsecpack autoupgrade (VMSS)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n }\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/extensionProfile.extensions[*].name\",\r\n \"notEquals\": \"Microsoft.Azure.Geneva.GenevaMonitoring\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"Microsoft.Azure.Geneva.GenevaMonitoring\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"GenevaMonitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Geneva\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/enableAutomaticUpgrade\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-10-01\",\r\n \"name\": \"[concat(parameters('vmssName'), '/Microsoft.Azure.Geneva.GenevaMonitoring')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"enableAutomaticUpgrade\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmssName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/0ec05dac-e529-48ef-8c20-f7e6af99a12b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ec05dac-e529-48ef-8c20-f7e6af99a12b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/123c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"123c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim nsg repro\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"fix\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/14ac45e9-df97-455d-b6ee-dd216f15f694\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"14ac45e9-df97-455d-b6ee-dd216f15f694\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim-incident-86226837-fix\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"1 - reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallRules\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"15358dd8-671e-4c96-be33-2b668791418f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Attempt service bus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logProfiles\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/serviceBusRuleId\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/163c640e-681c-445f-92ba-cd434bd8c11c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"163c640e-681c-445f-92ba-cd434bd8c11c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.zyx\",\r\n \"exists\": \"false\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/17d43473-870f-4bc8-93c6-3961fa1d91cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17d43473-870f-4bc8-93c6-3961fa1d91cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"peterhaugeaudit\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Testing resource group in IfNotExists (not the intent of the original policy, but looks like there's some weirdness here)\\n\\nChanged: Microsoft.Resources/subscriptions/resourceGroups to Microsoft.Resources/resourceGroups\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"name\": \"EnforceServicePrincipalAccessToDevTestLabsResourceGroups\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/19153189-4506-4910-b7bc-756e0188a6f2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"19153189-4506-4910-b7bc-756e0188a6f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit all tags\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"tags\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags\",\r\n \"value\": \"[resourceGroup().tags]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1e3c9312-c011-40a3-ac40-3bf3ddc24120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e3c9312-c011-40a3-ac40-3bf3ddc24120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource group locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Allowed resource group locations\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f20036f-28c3-48f3-9266-05d50fe391f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f20036f-28c3-48f3-9266-05d50fe391f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"docdb_aliases_test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/1f5360b7-fe59-43f7-8af5-825df420d09c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f5360b7-fe59-43f7-8af5-825df420d09c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ovewrites security rules with IP restrictions at the securityRule level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Limit to one protocol. The most inclusive should come last. I.e. 22;22-22;22-23\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"VirtualNetwork\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"priority\": {\r\n \"type\": \"int\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[parameters('fullRuleName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-02-01\",\r\n \"properties\": {\r\n \"protocol\": \"*\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[last(parameters('destinationPortRanges'))]\",\r\n \"access\": \"Allow\",\r\n \"direction\": \"Inbound\",\r\n \"priority\": \"[parameters('priority')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullRuleName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[field('Microsoft.Network/networksecurityGroups/securityRules/priority')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"20c4afd0-8a77-4433-b8b0-4ad06e4c7111\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy NSGs on Subnets\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforce that all subnets have a Network Security Group. If a subnet does not have one an NSG with the default Internet Exposed Endpoint restrictions will be created and associated with it.\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string to apply to all automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges must not overlap.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\",\r\n \"notEquals\": \"null\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgPrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"nsgName\": \"[concat(parameters('nsgPrefix'), '-', parameters('location'))]\",\r\n \"vnetName\": \"[split(parameters('fullResourceName'), '/')[0]]\",\r\n \"vnetResourceId\": \"[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]\",\r\n \"getVnetDeploymentName\": \"[concat('getVnet-', variables('vnetName'))]\",\r\n \"collectSubnetsDeploymentName\": \"[concat('collectSubnets-', variables('vnetName'))]\",\r\n \"overwriteVnetDeploymentName\": \"[concat('overwriteVnet-', variables('vnetName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vnetProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('vnetResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[variables('nsgName')]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"securityRules\": [\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Restrict\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from specific IP ranges (either corpnet or SAW)\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"\",\r\n \"sourceAddressPrefixes\": \"[parameters('sourceAddressPrefixes')]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3997,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_AllowVnet\",\r\n \"properties\": {\r\n \"description\": \"Allow controlled port connections from within the VNET\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"VirtualNetwork\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 3998,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_ControlledPorts_Deny\",\r\n \"properties\": {\r\n \"description\": \"Deny any controlled port connections that aren't explicitly allowed in higher priority rules\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"\",\r\n \"destinationPortRanges\": \"[parameters('destinationPortRanges')]\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 3999,\r\n \"direction\": \"Inbound\"\r\n }\r\n },\r\n {\r\n \"name\": \"PortLockdown_AllowAll\",\r\n \"properties\": {\r\n \"description\": \"Allow all inbound traffic that isn't explicitly blocked by Port Lockdown restrictions\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 4000,\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectSubnetsDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_collectSubnets_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"nsgResourceId\": {\r\n \"value\": \"[resourceid('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"dependsOn\": [\r\n \"[variables('nsgName')]\"\r\n ],\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteVnetDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_overwriteVnet_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"vnetProperties\": {\r\n \"value\": \"[reference(variables('getVnetDeploymentName')).outputs.vnetProperties.value]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"updatedSubnets\": {\r\n \"value\": \"[reference(variables('collectSubnetsDeploymentName')).outputs.updatedSubnets.value]\"\r\n },\r\n \"vnetName\": {\r\n \"value\": \"[variables('vnetName')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullResourceName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"nsgPrefix\": {\r\n \"value\": \"[parameters('nsgPrefix')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"210ed8bd-6b07-4d5e-a62c-c34f07293288\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit all Microsoft.Web/sites/config/authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/211a466d-b2be-46e8-b029-8c28f566f118\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"211a466d-b2be-46e8-b029-8c28f566f118\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of a tag2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits that a required tag is present on resources\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags\",\r\n \"notcontainsKey\": \"[parameters('tagName')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24813039-7534-408a-9842-eb99f45721b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append single location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.locationTest\",\r\n \"value\": \"[parameters('allowedLocation')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"25e0ce73-3c96-46fd-9f4d-b83b99ec11bf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin oms vm linux parameterized effect\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"263f13f4-6b88-4788-bead-34beedde70ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere strange alias in field function\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"Tags['asdasd']\",\r\n \"equals\": \"[concat('whatever', 'a')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/26556185-593c-4866-9c0c-114ac0bf6120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26556185-593c-4866-9c0c-114ac0bf6120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test guest assignment\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/28e54a72-2fd7-40d3-afe2-b05423e0147a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"28e54a72-2fd7-40d3-afe2-b05423e0147a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"2nd attempt on this policy. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"notIn\": \"[parameters('allowedLocations')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd60841400\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd60841400\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-85944710-combined\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"the combined policy attempt for both cosmos db cases. \",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"locationNames\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"In\": \"[parameters('locationNames')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd6084180f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"290b38e4-eff9-434b-b4d3-3ddd6084180f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"storage ip rules append 2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.ipRules\",\r\n \"value\": [\r\n {\r\n \"value\": \"8.8.8.8\",\r\n \"action\": \"Allow\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/2b2317a7-ab02-47b5-8159-eb7e6227709f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2b2317a7-ab02-47b5-8159-eb7e6227709f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[demo] Enforce KeyVault diagnostic log storage\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"[tolower(concat('cheggkv', parameters('location')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('cheggremdemo', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/332ce4ac-9200-4573-8c66-92b85fc82c8d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"332ce4ac-9200-4573-8c66-92b85fc82c8d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_enableAutomaticFailover\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/enableAutomaticFailover\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_defaultConsistencyLevel\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/consistencyPolicy.defaultConsistencyLevel\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0b7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_readLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_writeLocations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd0ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_failoverPolicies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName\",\r\n \"equals\": \"lalala\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd160\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Threat Detection on ManagedInstances\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c0df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c0df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL and Managed Instance TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/388f3717-f877-4c56-9083-d448c837c144\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"388f3717-f877-4c56-9083-d448c837c144\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services vaults test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"vault\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vault\",\r\n \"description\": \"The Recovery Services Vault.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n },\r\n \"vaults\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery Services Vaults\",\r\n \"description\": \"The list of Recovery Services Vaults.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('vault')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('vaults')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b2c1b0f-63c5-4943-8578-6d37fbe411bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b2c1b0f-63c5-4943-8578-6d37fbe411bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3b788cf8-ff6f-4075-86a1-ab76270790e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b788cf8-ff6f-4075-86a1-ab76270790e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3cc5820a-cbb8-4977-9c90-d90ced95f12c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3cc5820a-cbb8-4977-9c90-d90ced95f12c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Name should have prefix and suffix\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Name should have prefix and suffix\",\r\n \"parameters\": {\r\n \"prefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The prefix\",\r\n \"description\": \"The name prefix\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"suffix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The suffix\",\r\n \"description\": \"The name suffix.\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('prefix'), '*', parameters('suffix'))]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e275e2e-a157-4ade-8f91-43b3ea370007\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e275e2e-a157-4ade-8f91-43b3ea370007\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Restrict VM skus\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Restricts allowed VM skus to a predefined regex\",\r\n \"parameters\": {\r\n \"allowedSkuTemplate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed VM sku template\",\r\n \"description\": \"The VM sku template. Supports wildcards via '*'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"like\": \"[parameters('allowedSkuTemplate')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e34c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e34c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKU\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audits the use of storage account SKUs that don't meet organizational cost policy.\",\r\n \"parameters\": {\r\n \"listOfAllowedSkus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of allowed SKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSkus')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e3682\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e3807c1-65c9-49e0-a406-82d8ae3e3682\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaDataFactoryTest1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"RobgaDataFactoryTest\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataFactory/factories\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/robgatestworkspace/providers/Microsoft.OperationalInsights/workspaces/robgatestworkspace\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce autoUpgrade on VM/VMSS extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies any VM or VMSS extensions that do not have autoUpgradeMinorVersion set to true.\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f772\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f772\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically enabled autoUpgradeMinorVersion on VM extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f783\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f783\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append autoUpgrade to VM scale set extensions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Automatically appends autoUpgradeMinorVersion=true to VMSS extensions\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion\",\r\n \"value\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f7a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39f7a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService must use serverFarm\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/serverFarmId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MSIT - AppService serverFarm must have capacity > 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/serverFarms\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/serverFarms/sku.capacity\",\r\n \"in\": [\r\n \"0\",\r\n \"1\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc23\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41f9e24d-1586-455f-811a-92a2ca39fc23\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Do_Not_Delete\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy is used for unit tests. Please do not delete it.\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4a0425e4-97bf-4ad0-ab36-145b94083c60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny MySQL firewallRules starting with 0\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"equals\": \"0.0.0.0\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4b94c320-ce63-4fb6-ba9d-7dbe648b90de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4b94c320-ce63-4fb6-ba9d-7dbe648b90de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83686598\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"deny the creation of storage if supportsHttpsTrafficOnly is false\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c03a3e3-e038-4a55-a6a6-abf8e7bb9175\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"detect 'allow All' NSG rule\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4c915617-16f0-4c62-b021-e66d5409d11d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c915617-16f0-4c62-b021-e66d5409d11d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332195\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy Auditing on SQL servers with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\",\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332199\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf332199\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks without role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf33219f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Audit VMs that do not use managed disks with role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny storage container creation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts/blobServices/containers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4d2f8837-7acb-4488-b580-95960ee3f116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d2f8837-7acb-4488-b580-95960ee3f116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure auto-created NSG rules exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Ensures that security rules created in auto-created PortLockdown NSGs are not tampered with\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"NSG name prefix\",\r\n \"description\": \"The prefix string applied to automatically created network security groups.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to in the expected security rule. I.e. 192.4.0.0/8;192.5.0.0/8 or *\"\r\n }\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions in the expected security rule\"\r\n }\r\n },\r\n \"priority\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected priority\",\r\n \"description\": \"The priority of the expected security rule.\"\r\n }\r\n },\r\n \"access\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected access\",\r\n \"description\": \"The access (allow/deny) of the expected security rule.\"\r\n },\r\n \"allowedValues\": [\r\n \"Allow\",\r\n \"Deny\"\r\n ]\r\n },\r\n \"name\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expected name\",\r\n \"description\": \"The name of the expected security rule.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('nsgPrefix'), '-', field('location'))]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"equals\": \"[parameters('priority')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"[parameters('access')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"name\": {\r\n \"type\": \"string\"\r\n },\r\n \"priority\": {\r\n \"type\": \"string\"\r\n },\r\n \"access\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"isSinglePrefix\": \"[equals(count(parameters('sourceAddressPrefixes')), 1)]\",\r\n \"isSinglePortRange\": \"[equals(count(parameters('destinationPortRanges')), 1)]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('nsgName'), '/', parameters('name'))]\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"properties\": {\r\n \"description\": \"Rule auto-created by Internet Exposed Endpoints protection\",\r\n \"protocol\": \"*\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"[if(variables('isSinglePortRange'), first(parameters('destinationPortRanges')), '')]\",\r\n \"destinationPortRanges\": \"[if(not(variables('isSinglePortRange')), parameters('destinationPortRanges'), json('[]'))]\",\r\n \"sourceAddressPrefix\": \"[if(variables('isSinglePrefix'), first(parameters('sourceAddressPrefixes')), '')]\",\r\n \"sourceAddressPrefixes\": \"[if(not(variables('isSinglePrefix')), parameters('sourceAddressPrefixes'), json('[]'))]\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"[parameters('access')]\",\r\n \"priority\": \"[int(parameters('priority'))]\",\r\n \"direction\": \"Inbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"name\": {\r\n \"value\": \"[parameters('name')]\"\r\n },\r\n \"priority\": {\r\n \"value\": \"[parameters('priority')]\"\r\n },\r\n \"access\": {\r\n \"value\": \"[parameters('access')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f283ec4-25a9-46df-bbf2-806ed5a3e115\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rs defaultvalue backslash\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Extensions to Exclude\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \".FWD;.GSC;.GSE;.MYD;.MYI;.SMD;.VAC;.BAK;.CHK;.FRM;.LDF;.LOG;.MBX;.MDF;.NDF;.TRN;.UND;.UNF;.UNH;.UNI;.UNQ;.UNS;.VHD;.VMDX;.WCI;.EDB;.SDS\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Paths to Exclude\",\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Sysvol;C:\\\\ProgramData\\\\Microsoft\\\\SharePoint;C:\\\\Program Files\\\\Common Files\\\\Microsoft Shared\\\\Web Server Extensions;C:\\\\Program Files\\\\Operations Manager;C:\\\\Program Files\\\\Microsoft Monitoring Agent;C:\\\\Program Files\\\\Microsoft Office Servers;C:\\\\Program Files\\\\Microsoft System Center 2012 R2\\\\Server;C:\\\\Program Files\\\\System Center Operations Manager;C:\\\\Program Files\\\\System Center Operations Manager 2007;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\Temporary ASP.NET Files;C:\\\\Windows\\\\NTDS;C:\\\\Windows\\\\System32\\\\LogFiles;C:\\\\Windows\\\\Sysvol;C:\\\\Program Files\\\\Double-Take Software;C:\\\\Program Files\\\\DoubleTake;C:\\\\Program Files\\\\Exchsrvr;C:\\\\Program Files\\\\Ipswitch;C:\\\\Program Files\\\\LogMeIn;C:\\\\Windows\\\\SoftwareDistribution\\\\Datastore;C:\\\\Windows\\\\Temp\\\\Gthrsvc\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Processes to Exclude\",\r\n \"description\": \"Semicolon delimited list of processes to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"HealthService.exe;ManagementService.exe;Microsoft.Mom.Sdk.Service.exe;Microsoft.Mom.ConfigServiceHost.exe;MonitoringHost.exe;pagefile.sys\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable real time protection\",\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Scheduled scans\",\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n },\r\n \"defaultValue\": \"false\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Scheduled Scan Type\",\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n },\r\n \"defaultValue\": \"Quick\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Day of Scheduled Scan\",\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n },\r\n \"defaultValue\": \"7\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Time of Scheduled Scan\",\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n },\r\n \"defaultValue\": \"120\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"value\": \"[parameters('ExclusionsExtensions')]\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"value\": \"[parameters('ExclusionsPaths')]\"\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"value\": \"[parameters('ExclusionsProcesses')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"[parameters('RealtimeProtectionEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsIsEnabled')]\"\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsDay')]\"\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"value\": \"[parameters('ScheduledScanSettingsTime')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50877efd-8dd9-43d5-b4e6-3b70e64311b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50877efd-8dd9-43d5-b4e6-3b70e64311b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Deploy key vault KV_B if key vault KV_A does not exist.\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"This policy will deploy a key vault named KV_B if a key vault named KV_A does not exist.\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"KV_B\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-10-01\",\r\n \"name\": \"KV_A\",\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"location\": \"eastus2\",\r\n \"properties\": {\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"sku\": {\r\n \"family\": \"A\",\r\n \"name\": \"standard\"\r\n },\r\n \"accessPolicies\": []\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50e2972e-143c-4edf-9ef6-bee0f84212d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"RobgaTestRbac\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Authorization/roleAssignments/principalId\",\r\n \"equals\": \"Admin\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/560482cd-dac5-41e6-9cef-b0aecd6020de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"560482cd-dac5-41e6-9cef-b0aecd6020de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : definition param with assignPermissions\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/57ef268f-b414-436a-9894-125a81d80b30\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"57ef268f-b414-436a-9894-125a81d80b30\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhAuditLocation\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit if not west us\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5948d091-78b7-4d3b-a404-cc6a0329b0c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5948d091-78b7-4d3b-a404-cc6a0329b0c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"deployifnotexist template alias tests - redis\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/Redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/sku.family\",\r\n \"equals\": \"C\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"Whatever*\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"type\": \"string\"\r\n },\r\n \"nameField\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuFamilyOut\": {\r\n \"value\": \"[parameters('skuFamily')]\",\r\n \"type\": \"string\"\r\n },\r\n \"enableNonSslPortOut\": {\r\n \"value\": \"[parameters('enableNonSslPort')]\",\r\n \"type\": \"string\"\r\n },\r\n \"nameFieldOut\": {\r\n \"value\": \"[parameters('nameField')]\",\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"skuFamily\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/sku.family')]\"\r\n },\r\n \"enableNonSslPort\": {\r\n \"value\": \"[field('Microsoft.Cache/Redis/enableNonSslPort')]\"\r\n },\r\n \"nameField\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/startIpAddress\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/firewallRules/endIpAddress\",\r\n \"exists\": \" false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca376\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca376\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86318519\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86318519\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/firewallrules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"AllowAllWindowsAzureIps\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca600\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca600\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"exists\": \"true\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"notIn\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca8d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b02be71-b0a4-4942-a376-9dc88d9ca8d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Test storage alias\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Test storage alias\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"DoesNotExist101\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"type\": \"string\"\r\n },\r\n \"encrypt\": {\r\n \"type\": \"string\"\r\n },\r\n \"accessTier\": {\r\n \"type\": \"string\"\r\n },\r\n \"skuName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"skuNameOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('skuName')]\"\r\n },\r\n \"accessTierOut\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('accessTier')]\"\r\n },\r\n \"httpsOnlyOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('httpsOnly')]\"\r\n },\r\n \"encryptOut\": {\r\n \"type\": \"String\",\r\n \"value\": \"[parameters('encrypt')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"httpsOnly\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly')]\"\r\n },\r\n \"encrypt\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/enableBlobEncryption')]\"\r\n },\r\n \"accessTier\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/accessTier')]\"\r\n },\r\n \"skuName\": {\r\n \"value\": \"[field('Microsoft.Storage/storageAccounts/sku.name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/5fa69139-9a49-464e-90b5-0d243a469138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5fa69139-9a49-464e-90b5-0d243a469138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"inherit costcenter tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.CostCenter\",\r\n \"value\": \"[resourceGroup().tags.CostCenter]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6ced0d17-98f3-41e2-8038-08c8f4fb90e3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6ced0d17-98f3-41e2-8038-08c8f4fb90e3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim Apply allowed tag and its default value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"3\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n },\r\n \"allowedValues\": [\r\n \"TagA\",\r\n \"TagB\"\r\n ]\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6d1735de-f3e3-4c40-a8b2-7b3a1042a895\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6d1735de-f3e3-4c40-a8b2-7b3a1042a895\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testSandipsh metric alert policy1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"testSandipsh\"\r\n },\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": null\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"3\"\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"Metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The metric operator.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"The timeAggregation.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"The window size.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"The evaluation frequency.\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The action group id.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"[concat(parameters('alertNamePrefix'), '*')]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(toLower(parameters('alertNamePrefix')), uniqueString(resourceGroup().id))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/6f2c6354-fc96-4f54-984e-8d49d06a80a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6f2c6354-fc96-4f54-984e-8d49d06a80a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testImageId\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"css\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"contains\": \"resourceGroups/testSandipsh\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/70dc1e8d-61c9-4089-8bf5-895b227c1298\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"70dc1e8d-61c9-4089-8bf5-895b227c1298\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"policyTrackedResources-sdk-tests\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"notIn\": [\r\n \"policyTrackedResources-sdk-tests-rule1\",\r\n \"policyTrackedResources-sdk-tests-rule2\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule1')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/policyTrackedResources-sdk-tests-rule2')]\",\r\n \"properties\": {\r\n \"description\": \"Test Rule\",\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Allow\",\r\n \"priority\": 2001,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny if blob is not encrypted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/74d5cf40-7293-46a4-a285-7ea971e3719a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"74d5cf40-7293-46a4-a285-7ea971e3719a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Location restriction\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Policy to force allocations to a set of given locations\",\r\n \"metadata\": {\r\n \"category\": \"cstack\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/763dcd1d-a4a9-46a8-8bd3-357c4533a335\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"763dcd1d-a4a9-46a8-8bd3-357c4533a335\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ICM 83577342 deny proxy resource location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/83577342/home\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"eastus\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingjobs/transformations\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/77429b44-aac1-4417-a53e-6900c07e11ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"77429b44-aac1-4417-a53e-6900c07e11ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Block TLS < 1.2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/slots/config\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\r\n \"notEquals\": \"1.2\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/78c5df31-2f05-4f4d-acfe-3e536d88c1bc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"78c5df31-2f05-4f4d-acfe-3e536d88c1bc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny ActiveDirectory administrators\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.Sql/servers/administrators/administratorType\",\r\n \"equals\": \"ActiveDirectory\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e520b19-dac2-4bbf-b27b-dcd67a3f60e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash weird chars\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR!@#$%^&*()_+=-{}[];:',.<>?~`/;C:\\\\hello\\\\there\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/7f4d769f-78db-46eb-ac3c-0b8214f8c245\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f4d769f-78db-46eb-ac3c-0b8214f8c245\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-v2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"reproing incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\\n\\nAudits if a resource doesn't have a lock v2\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"ReadOnly\",\r\n \"CanNotDelete\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/83daa8ee-7c9a-470c-81a8-5a99ac09d134\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83daa8ee-7c9a-470c-81a8-5a99ac09d134\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"northwell.io\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/86cd412c-c557-473b-984c-a5f15cdcb116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86cd412c-c557-473b-984c-a5f15cdcb116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Parameterized effect (if location != eastus)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The policy effect.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"eastus\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"885f1dcb-a9c5-4c8c-8996-2702db44a2d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim exists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.xyz\",\r\n \"exists\": false\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8959fd87-c1dd-4831-9034-a4f876bee1cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8959fd87-c1dd-4831-9034-a4f876bee1cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Kubernetes ingress policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Only specified ingress is allowed based on names\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8dc89b7c-4ffa-4051-b93e-4e8f1bd5631a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere applicability test 1\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/whatever\"\r\n },\r\n {\r\n \"field\": \"tags.applicability\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/8e6b598c-1a45-404b-97dd-983e37c040da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8e6b598c-1a45-404b-97dd-983e37c040da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"audit_cosmosdb_ipRangeFilter\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter\",\r\n \"equals\": \"lalala\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9012b1cd-b045-46c6-a510-6137e06a009c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elperetest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"value\": \"[resourceGroup().tags['Hyphen-test']]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9389a21b-2134-414a-a579-e9f2709b2131\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9389a21b-2134-414a-a579-e9f2709b2131\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash (array)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": [\r\n \"C:\\\\rs-pkgs\",\r\n \"C:\\\\System Volume Information\\\\DFSR\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/985adbc0-6d2e-448a-ac26-89d3688191d5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"985adbc0-6d2e-448a-ac26-89d3688191d5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github209\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/virtualNetworkRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9a060c03-fda7-4b0a-b4da-15e2b7e4d117\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9a060c03-fda7-4b0a-b4da-15e2b7e4d117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - Subscription Lvl test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Subscriptionlevel auditIfNotExist policy\",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a1b067c8-2970-4c0b-b0da-31ae7f33d1de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1b067c8-2970-4c0b-b0da-31ae7f33d1de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Noop\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Don't do anything\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a309ad64-0bae-48d9-a6b1-d99c0b4218b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a309ad64-0bae-48d9-a6b1-d99c0b4218b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"HTTPS For Web Apps\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"CSS\",\r\n \"metadata\": {\r\n \"category\": \"WebApps\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyof\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"exists\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a337c781-c7d8-4e12-ae69-1951c7e74378\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a337c781-c7d8-4e12-ae69-1951c7e74378\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Case 118113021002127 - better\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": null\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\",\r\n \"Deny\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/hostNames[*]\",\r\n \"contains\": \"81196380\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a514cb15-f9d8-49c9-a1e1-8b6d1fe19121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure https traffic only for storage account\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure https traffic only for storage account\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a5f66345-5fb9-4dfd-864a-e3464ee6c0c4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscription name tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"add subscription name tag\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionname\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionname\",\r\n \"value\": \"[subscription().displayName]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d82a2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d82a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Add subscription \\\"id\\\" tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.id\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.id\",\r\n \"value\": \"[subscription().id]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8339\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8339\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"add subscriptionId tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.subscriptionId\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.subscriptionId\",\r\n \"value\": \"[subscription().subscriptionId]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8635\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a752f8cb-6498-4e40-8431-b658ca4d8635\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaNSGtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"3389\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"3389\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/aeb6a524-e3d1-4b8a-afa8-26ae4e291116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aeb6a524-e3d1-4b8a-afa8-26ae4e291116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed Location Indexed\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"hackathon policy\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Allowed-Locations-Indexed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Allowed-Locations-Indexed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if antiMalware extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy audits if the anti malware extension .\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/antiMalwareExtensionExists\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"antiMalwareExtensionExists\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Web socket must be disabled on App Services\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures web sockets are disabled on App Services.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/AppServiceWebSockets\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"AppServiceWebSockets\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure Security Center must be enabled\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Ensures Azure Security Center is enabled.\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ASCEnabled\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ASCEnabled\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and it's value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit a tag and it's value\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Audits if a tag and it's value doesn't exist for a given resource\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"Audit a tag and its value\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if extension does not exist\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits if a required extension doesn't exist.\",\r\n \"parameters\": {\r\n \"publisher\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The publisher of the extension\",\r\n \"displayName\": \"Extension Publisher\"\r\n }\r\n },\r\n \"type\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The type of the extension\",\r\n \"displayName\": \"Extension Type\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"[parameters('publisher')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"[parameters('type')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/audit-vm-extension\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"audit-vm-extension\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CanCrudPolicyAssignment Policy Definition $[Auto Test]\",\r\n \"policyType\": \"Custom\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"ResourceProviderTestHost/TestResourceType/TestResourceTypeNestedOne/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/azsmnet6487\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"azsmnet6487\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"89322663 audit diag setting\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"description\": \"The list of resources types to audit for missing diagnostic log settings.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"details\": {\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"equals\": \"true\",\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\"\r\n }\r\n ]\r\n },\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\"\r\n },\r\n \"effect\": \"AuditIfNotExists\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b350b9b0-8ba5-4867-bc9c-63b4544671b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b350b9b0-8ba5-4867-bc9c-63b4544671b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"makharchtest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"policy\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b36f6195-0fc5-4a41-bbce-875248400f5f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b36f6195-0fc5-4a41-bbce-875248400f5f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"default value backslash really long string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n },\r\n \"defaultValue\": \"C:\\\\rs-pkgs;C:\\\\System Volume Information\\\\DFSR;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple;C:\\\\Really Long Path\\\\We Want Multiple\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/b9203c56-0565-434a-a315-87f4da9f21b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b9203c56-0565-434a-a315-87f4da9f21b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"NSG Rules exists test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allof\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].protocol\",\r\n \"notLike\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/bb6a78ae-8737-41e0-9c41-cc777c8c00a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bb6a78ae-8737-41e0-9c41-cc777c8c00a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"Category\": \"Flintstones\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/BedrockPolicy\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"BedrockPolicy\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c0f586f1-abe5-4801-8588-7332e49e60c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c0f586f1-abe5-4801-8588-7332e49e60c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"234\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logprofiles\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/logprofiles\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/logprofiles/retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c37cc5ff-3fbb-4444-a39d-09b9e6fb7116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Doublecheck the lifecycle tag policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy refers to tags['Lifecycle'], which with the current implementation of the escaped tags syntax will refer to a tag named 'Lifecycle' (quotes and all). This is a customer policy that would be broken when I switch the meaning of tags['Lifecycle'] to refer simply to a tag named Lifecycle (no quotes)\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags['Lifecycle']\",\r\n \"notIn\": [\r\n \"dev\",\r\n \"tst\",\r\n \"stg\",\r\n \"prd\",\r\n \"trn\",\r\n \"prf\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c6be98a9-8108-40aa-b726-d2ae8e2891b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c6be98a9-8108-40aa-b726-d2ae8e2891b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe resource group auditIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"testlock\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c7b9982d-2f50-4730-935f-5c241982a441\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c7b9982d-2f50-4730-935f-5c241982a441\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed resource types\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": \"The list of allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('allowedTypes')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c872f951-1c5d-4c61-89dd-aee2350a11ba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit location\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8b79b49-a579-4045-984e-1b249ab8b474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL TDE\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"notEquals\": \"enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8cedfaa-4aa0-465a-8b90-49caf8177158\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8cedfaa-4aa0-465a-8b90-49caf8177158\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere css block NSG changes\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"https://icm.ad.msft.net/imp/v3/incidents/details/95894791/home\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"nsgName\",\r\n \"description\": \"The name of the NSG.\"\r\n },\r\n \"defaultValue\": \"nsgName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('nsgName')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"fullName\",\r\n \"like\": \"[concat(parameters('nsgName'), '/*')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ca01432d-4278-45a6-8137-69f2155d2248\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ca01432d-4278-45a6-8137-69f2155d2248\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"camarvin empty string\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensure resource names meet the like condition for a pattern.\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"namePattern\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"namePattern\",\r\n \"description\": \"Pattern to use for names. Can include wildcard (*).\"\r\n },\r\n \"allowedValues\": [\r\n \"\",\r\n \"one\",\r\n \"two\"\r\n ],\r\n \"defaultValue\": \"\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('namePattern')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"camarvin-test-empty-assign\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere append 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.test\",\r\n \"value\": \"1\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny on 'test' tag\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.test\",\r\n \"equals\": \"1\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ced59ff0-9061-49dd-94de-093b33a640d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Resource name contains resource group name\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Require resources to contain the resource group's name\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"notContains\": \"[resourceGroup().name]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/contain-resource-group-name\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"contain-resource-group-name\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86226837-v3\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"third attempt to repro this incident. \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/firewallRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5002\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe-incident-86230190-deployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"deploys a delete lock for a resource \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/locks\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/0b88dfdb-55b3-4fb0-b474-5b6dcbe6b2ef/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Authorization/locks/level\",\r\n \"in\": [\r\n \"CanNotDelete\"\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {},\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Authorization/locks\",\r\n \"apiVersion\": \"2015-01-01\",\r\n \"name\": \"DeleteLock\",\r\n \"properties\": {\r\n \"level\": \"CanNotDelete\",\r\n \"notes\": \"prevent deletion\"\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5632\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03e03ca-6424-4e28-8842-5796dc0b5632\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce KeyVault diagnostic log storage (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Ensures that AuditEvents are collected from all Key Vaults in the subscription and stored in a specific storage account for 30 days.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"variables\": {\r\n \"storageName\": \"elperetest\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('vaultName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"storageAccountId\": \"[resourceid('elpere', 'Microsoft.Storage/storageAccounts', variables('storageName'))]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": true,\r\n \"days\": 30\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d0d9349d-843c-443a-9f27-5ce84f08c37e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d0d9349d-843c-443a-9f27-5ce84f08c37e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere deny test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"name\",\r\n \"equals\": \"elpereKv\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"elpere template paramters function tests\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"testing strange array behavior\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"contains\": \"lmao\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"String\"\r\n },\r\n \"dataDisks\": {\r\n \"type\": \"object\"\r\n },\r\n \"osDisk\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmVar\": \"[parameters('vmName')]\",\r\n \"dataDisksVar\": \"[parameters('dataDisks')]\"\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"vmNameOut\": {\r\n \"value\": \"[variables('vmVar')]\",\r\n \"type\": \"String\"\r\n },\r\n \"dataDisksOut\": {\r\n \"value\": \"[concat(array(parameters('osDisk')), if(empty(parameters('dataDisks').rawValue), parameters('dataDisks').emptyArray, array(parameters('dataDisks').rawValue)))]\",\r\n \"type\": \"array\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"dataDisks\": {\r\n \"value\": {\r\n \"rawValue\": \"[field('Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.id')]\",\r\n \"emptyArray\": []\r\n }\r\n },\r\n \"osDisk\": {\r\n \"value\": \"[field('Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.id')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d2532053-bf59-4095-a1ae-2b7e4744f119\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d2532053-bf59-4095-a1ae-2b7e4744f119\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Access KV as part of remidiation deployment test (elpere)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"hello\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"outputs\": {\r\n \"testSecretOutput\": {\r\n \"type\": \"string\",\r\n \"value\": \"[parameters('testSecret')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"testSecret\": {\r\n \"reference\": {\r\n \"keyVault\": {\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourceGroups/elpere/providers/Microsoft.KeyVault/vaults/elpereKv\"\r\n },\r\n \"secretName\": \"test\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d35ce9be-f51b-4d3e-bc7f-dde2936381b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d35ce9be-f51b-4d3e-bc7f-dde2936381b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - inv\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"inv \",\r\n \"metadata\": {\r\n \"category\": \"akhe\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\",\r\n \"details\": {\r\n \"functionId\": \"subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourcegroups/AKif2WebApp/providers/Microsoft.Logic/workflows/deneme\",\r\n \"payload\": {\r\n \"locations\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d54722e7-4665-47ce-9a82-2f96cebfe238\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d54722e7-4665-47ce-9a82-2f96cebfe238\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"akhe - incident - gardner\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"name\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"text\": {\r\n \"type\": \"string\",\r\n \"value\": \"Policy executed for resource [parameters('name')]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"name\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d54722e7-4665-47ce-9a82-2f96cebfe353\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d54722e7-4665-47ce-9a82-2f96cebfe353\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy security rule with restricted source IPs (NSG level)\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Overwrites security rules with IP restrictions at the NSG level\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Destination port ranges\",\r\n \"description\": \"Destination port ranges requiring IP restrictions. Ranges may overlap.\"\r\n }\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": \"The IP ranges incoming traffic will be restricted to. I.e. 192.4.0.0/8;192.5.0.0/8\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"in\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notIn\": \"[parameters('destinationPortRanges')]\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notLike\": \"*\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"type\": \"array\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"type\": \"array\"\r\n }\r\n },\r\n \"variables\": {\r\n \"getNsgDeploymentName\": \"[concat('getNSGContent-', parameters('nsgName'))]\",\r\n \"collectorDeploymentName\": \"[concat('collectRules-', parameters('nsgName'))]\",\r\n \"overwriteNsgDeploymentName\": \"[concat('overwriteNsg-', parameters('nsgName'))]\",\r\n \"nsgResourceId\": \"[resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('getNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"nsgProperties\": {\r\n \"type\": \"object\",\r\n \"value\": \"[reference(variables('nsgResourceId'), '2018-03-01', 'Full')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('collectorDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_collectRules_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"nsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"portRangesToRestrict\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2018-02-01\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"name\": \"[variables('overwriteNsgDeploymentName')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"templateLink\": {\r\n \"uri\": \"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_overwriteNSG_template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n },\r\n \"parameters\": {\r\n \"originalNsgProperties\": {\r\n \"value\": \"[reference(variables('getNsgDeploymentName')).outputs.nsgProperties.value]\"\r\n },\r\n \"updatedSecurityRules\": {\r\n \"value\": \"[reference(variables('collectorDeploymentName')).outputs.updatedSecurityRules.value]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[parameters('nsgName')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('sourceAddressPrefixes')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": \"[parameters('destinationPortRanges')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d7b13c30-e6aa-47e1-b50a-8e33f152d086\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7121\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7126\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e712b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7130\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7135\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : [Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e713a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit storage account SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Audited skus\",\r\n \"description\": \"The list of skus.\",\r\n \"strongType\": \"storageSkus\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e90ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e90ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines SKUs\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Demo 323\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List Of Allowed SKUs\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"vmSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e9170\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbe1e663-7265-4cf4-96b5-7435b21e9170\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[elpere] deployIfNotExists Runners test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"deployIfNotExistsTestsRule\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-08-01\",\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/securityRules\",\r\n \"name\": \"[concat(parameters('nsgName'), '/deployIfNotExistsTestsRule')]\",\r\n \"properties\": {\r\n \"protocol\": \"Tcp\",\r\n \"sourcePortRange\": \"*\",\r\n \"destinationPortRange\": \"*\",\r\n \"sourceAddressPrefix\": \"*\",\r\n \"destinationAddressPrefix\": \"*\",\r\n \"access\": \"Deny\",\r\n \"priority\": 2000,\r\n \"direction\": \"Outbound\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dbfa9fc0-5202-4001-8759-1aa2387f825b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"allowedOS\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"test_sandipsh\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedWindows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Windows VMs\",\r\n \"description\": \"The list of allowed VMs for Windows.\"\r\n }\r\n },\r\n \"listOfAllowedUbuntus\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Ubuntu VMs\",\r\n \"description\": \"The list of allowed VMs for Ubuntu.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/disks\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"Canonical\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"UbuntuServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedUbuntus')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"MicrosoftWindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"WindowsServer\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSku\",\r\n \"in\": \"[parameters('listOfAllowedWindows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageVersion\",\r\n \"in\": [\r\n \"latest\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim recovery services backup policies\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"policies\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policies\",\r\n \"description\": \"The list of allowed Recovery Services backup policies.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n },\r\n \"policy\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Recovery Services backup policy\",\r\n \"description\": \"Allowed Recovery Services backup policy.\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('policies')]\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('policy')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e3f9a624-b17d-4dc8-9649-65814d3241bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3f9a624-b17d-4dc8-9649-65814d3241bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"authSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100120\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit web sites with tags on their logs config\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"description\": \"Seeing if authsettings can even be used in a ifnotexists policy before adding aliases.\",\r\n \"metadata\": {\r\n \"category\": \"\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"logs\",\r\n \"existenceCondition\": {\r\n \"field\": \"tags\",\r\n \"exists\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad3100125\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny changing sites authsettings\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"all\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"authsettings\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7c6ee79-2fdb-4c28-9a1f-9dcad31001bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"defaultValue: all parameters\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"defaultValue\"\r\n },\r\n \"parameters\": {\r\n \"locations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array)\",\r\n \"description\": \"The list of locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": [\r\n \"eastus\",\r\n \"westus\"\r\n ]\r\n },\r\n \"location\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string)\",\r\n \"description\": \"The location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"resourceGroups\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array)\",\r\n \"description\": \"The list of resource groups.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": [\r\n \"camarvin\"\r\n ]\r\n },\r\n \"resourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string)\",\r\n \"description\": \"The resource group.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n },\r\n \"defaultValue\": \"camarvin\"\r\n },\r\n \"tags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array)\",\r\n \"description\": \"The list of tags.\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"tag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string)\",\r\n \"description\": \"The tag.\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, array, av)\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": [\r\n \"eastus\"\r\n ]\r\n },\r\n \"allowedLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (no scope, string, av)\",\r\n \"description\": \"The allowed location for resources.\",\r\n \"strongType\": \"location\"\r\n },\r\n \"allowedValues\": [\r\n \"eastus\",\r\n \"westus\",\r\n \"southus\"\r\n ],\r\n \"defaultValue\": \"eastus\"\r\n },\r\n \"allowedStorageSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (array, av)\",\r\n \"description\": \"The list of allowed storage SKUs for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ]\r\n },\r\n \"allowedStorageSKU\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Strong type (string, av)\",\r\n \"description\": \"The allowed storage SKU for resources.\",\r\n \"strongType\": \"storageSkus\"\r\n },\r\n \"allowedValues\": [\r\n \"Standard_LRS\",\r\n \"Standard_ZRS\",\r\n \"Standard_GRS\"\r\n ],\r\n \"defaultValue\": \"Standard_LRS\"\r\n },\r\n \"allowedTags\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (array, av)\",\r\n \"description\": \"The list of allowed tags.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ]\r\n },\r\n \"allowedTag\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Non strong type (string, av)\",\r\n \"description\": \"The allowed tag.\"\r\n },\r\n \"allowedValues\": [\r\n \"FirstName\",\r\n \"LastName\",\r\n \"Age\"\r\n ],\r\n \"defaultValue\": \"FirstName\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('locations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('resourceGroups')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('resourceGroup')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('tags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('tag')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('allowedLocation')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedStorageSkus')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"Equals\": \"[parameters('allowedStorageSku')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedTags')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"NotEquals\": \"[parameters('allowedTag')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ea1688b3-022e-4add-af39-2fe60689a3b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deny \\\"Allow All\\\" NSG rules\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Denies the creation of sourceAddressPrefix=\\\"*\\\", destinationPortRange=\\\"*\\\" NSG security rules\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups/securityRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"PortLockdown_AllowAll\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/priority\",\r\n \"notEquals\": \"4000\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\r\n \"equals\": \"*\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/access\",\r\n \"equals\": \"Allow\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/direction\",\r\n \"equals\": \"Inbound\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\",\r\n \"in\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\r\n \"notIn\": [\r\n \"*\",\r\n \"Internet\"\r\n ]\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"github264\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/siteAuthSettings.enabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ef00ee9d-fe45-4d14-8bee-789eea392116\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef00ee9d-fe45-4d14-8bee-789eea392116\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"GokmenhTestTagWithHyphen5\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"GokmenhTestTagWithHyphen5\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"tags.Hyphen-test\",\r\n \"value\": \"[resourceGroup().tags['Hyphen-test']]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/f2320be5-23be-4b58-8d8e-08c3044dd60f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f2320be5-23be-4b58-8d8e-08c3044dd60f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit allowed locations\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This policy enables you to audit your location.\",\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/LocationAuditDefinition\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"LocationAuditDefinition\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"equals\": \"northeurope\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/policy2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"policy2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps6386\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps6386\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9652\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9652\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9867\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9867\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"test policy\",\r\n \"parameters\": {\r\n \"resourceType\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Type\",\r\n \"description\": \"The target resource type.\"\r\n }\r\n },\r\n \"alertNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert name prefix\",\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert description.\",\r\n \"description\": \"The description of alert.\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"alertSeverity\",\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ]\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"isEnabled\",\r\n \"description\": \"Specifies whether the alert is enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ]\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\",\r\n \"description\": \"The operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\",\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window size\",\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"How often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ActionGroupId\",\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"[parameters('resourceType')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"equals\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', field('name'))]\"\r\n },\r\n \"existenceScope\": \"subscription\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"A prefix to be used for the metrics alert.\"\r\n }\r\n },\r\n \"alertDescription\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"This is a metric alert\",\r\n \"metadata\": {\r\n \"description\": \"Description of alert\"\r\n }\r\n },\r\n \"alertSeverity\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"3\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Severity of alert {0,1,2,3,4}\"\r\n }\r\n },\r\n \"isEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Specifies whether the alert is enabled\"\r\n }\r\n },\r\n \"metricName\": {\r\n \"type\": \"string\",\r\n \"minLength\": 1,\r\n \"metadata\": {\r\n \"description\": \"Name of the metric used in the comparison to activate the alert.\"\r\n }\r\n },\r\n \"operator\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"GreaterThan\",\r\n \"allowedValues\": [\r\n \"Equals\",\r\n \"NotEquals\",\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\",\r\n \"LessThan\",\r\n \"LessThanOrEqual\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"Operator comparing the current value with the threshold value.\"\r\n }\r\n },\r\n \"threshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"0\",\r\n \"metadata\": {\r\n \"description\": \"The threshold value at which the alert is activated.\"\r\n }\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Average\",\r\n \"allowedValues\": [\r\n \"Average\",\r\n \"Minimum\",\r\n \"Maximum\",\r\n \"Total\"\r\n ],\r\n \"metadata\": {\r\n \"description\": \"How the data that is collected should be combined over time.\"\r\n }\r\n },\r\n \"windowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"metadata\": {\r\n \"description\": \"Period of time used to monitor alert activity based on the threshold. Must be between five minutes and one day. ISO 8601 duration format.\"\r\n }\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"metadata\": {\r\n \"description\": \"how often the metric alert is evaluated represented in ISO 8601 duration format\"\r\n }\r\n },\r\n \"actionGroupId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The ID of the action group that is triggered when the alert is activated or deactivated\"\r\n }\r\n },\r\n \"resourceType\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The resource type of target resource.\"\r\n }\r\n },\r\n \"targetResourceName\": {\r\n \"type\": \"string\",\r\n \"metadata\": {\r\n \"description\": \"The target resource name.\"\r\n }\r\n }\r\n },\r\n \"variables\": {\r\n \"targetResourceType\": \"[parameters('resourceType')]\",\r\n \"resourceIdentifier\": \"[resourceId(variables('targetResourceType'), parameters('targetResourceName'))]\",\r\n \"alertName\": \"[concat(parameters('alertNamePrefix'), '-', resourcegroup().name, '-', parameters('targetResourceName'))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[variables('alertName')]\",\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"location\": \"global\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"tags\": {},\r\n \"properties\": {\r\n \"description\": \"[parameters('alertDescription')]\",\r\n \"severity\": \"[parameters('alertSeverity')]\",\r\n \"enabled\": \"[parameters('isEnabled')]\",\r\n \"scopes\": [\r\n \"[variables('resourceIdentifier')]\"\r\n ],\r\n \"evaluationFrequency\": \"[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\",\r\n \"allOf\": [\r\n {\r\n \"name\": \"1st criterion\",\r\n \"metricName\": \"[parameters('metricName')]\",\r\n \"dimensions\": [],\r\n \"operator\": \"[parameters('operator')]\",\r\n \"threshold\": \"[parameters('threshold')]\",\r\n \"timeAggregation\": \"[parameters('timeAggregation')]\"\r\n }\r\n ]\r\n },\r\n \"actions\": [\r\n {\r\n \"actionGroupId\": \"[parameters('actionGroupId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertNamePrefix\": {\r\n \"value\": \"[parameters('alertNamePrefix')]\"\r\n },\r\n \"alertDescription\": {\r\n \"value\": \"[parameters('alertDescription')]\"\r\n },\r\n \"alertSeverity\": {\r\n \"value\": \"[parameters('alertSeverity')]\"\r\n },\r\n \"isEnabled\": {\r\n \"value\": \"[parameters('isEnabled')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('metricName')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[parameters('operator')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[parameters('threshold')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[parameters('timeAggregation')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[parameters('evaluationFrequency')]\"\r\n },\r\n \"actionGroupId\": {\r\n \"value\": \"[parameters('actionGroupId')]\"\r\n },\r\n \"resourceType\": {\r\n \"value\": \"[parameters('resourceType')]\"\r\n },\r\n \"targetResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testSandipsh.draft\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testSandipsh.draft\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testtest\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"testtest\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The name for the tag\",\r\n \"description\": \"The name for the tag.\"\r\n },\r\n \"allowedValues\": []\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The value for the tag\",\r\n \"description\": \"The value for the tag\"\r\n },\r\n \"allowedValues\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags.',parameters('tagName'))]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/testtest\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"testtest\"\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { @@ -409,16 +409,16 @@ "no-cache" ], "x-ms-request-id": [ - "westus2:c9f8f50f-7e7d-42cf-97dd-fef8ccf047c0" + "westus2:13a79ff0-844e-46b4-84fc-bfaaffcfad3b" ], "x-ms-ratelimit-remaining-subscription-reads": [ - "11993" + "11995" ], "x-ms-correlation-request-id": [ - "07b4afc2-8cd9-4d05-a480-6409aeefe700" + "1ba7b66a-d880-47d9-a0ce-5ae1c8627ecb" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213945Z:07b4afc2-8cd9-4d05-a480-6409aeefe700" + "WESTUS2:20190116T193638Z:1ba7b66a-d880-47d9-a0ce-5ae1c8627ecb" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -427,7 +427,7 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:39:45 GMT" + "Wed, 16 Jan 2019 19:36:37 GMT" ], "Content-Length": [ "110" @@ -470,16 +470,199 @@ "no-cache" ], "x-ms-request-id": [ - "westus2:d5f641c1-b34c-4b56-8ab0-a916dadb3de1" + "westus2:188f94fa-4a31-4e00-8df6-360225d665ba" ], "x-ms-ratelimit-remaining-subscription-reads": [ - "11988" + "11999" + ], + "x-ms-correlation-request-id": [ + "0d1cef81-02bf-4ef5-9e7d-65b0f0166186" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T193639Z:0d1cef81-02bf-4ef5-9e7d-65b0f0166186" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 19:36:38 GMT" + ], + "Content-Length": [ + "110" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'someName' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/someName?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:493b04dc-1592-42d6-a418-860b72753242" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "d09f426d-a1c5-4fcd-8496-cd89566eb86f" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T193638Z:d09f426d-a1c5-4fcd-8496-cd89566eb86f" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 19:36:37 GMT" + ], + "Content-Length": [ + "110" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'someName' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/someName?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "ManagementGroupNameParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:99b48bd5-da1e-4363-b5a8-0dce9bb2dc66" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "1f05a5d2-4102-4b6c-8602-2a087e098618" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T193639Z:1f05a5d2-4102-4b6c-8602-2a087e098618" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 19:36:38 GMT" + ], + "Content-Length": [ + "110" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'someName' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions/someName?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "SubscriptionIdParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:b9e6291e-a76e-4c5d-b963-854a3f4002db" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" ], "x-ms-correlation-request-id": [ - "a1087997-35df-49a2-a581-67d184fa537c" + "c94ce684-3687-4bce-88bd-2564bc532045" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213945Z:a1087997-35df-49a2-a581-67d184fa537c" + "WESTUS2:20190116T193639Z:c94ce684-3687-4bce-88bd-2564bc532045" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -488,7 +671,7 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:39:45 GMT" + "Wed, 16 Jan 2019 19:36:38 GMT" ], "Content-Length": [ "110" @@ -531,16 +714,16 @@ "no-cache" ], "x-ms-request-id": [ - "westus2:17150cdf-b66e-4cde-b744-53380c641fa0" + "westus2:363d0681-cf62-46e2-8ad2-cbcd69654d6e" ], "x-ms-ratelimit-remaining-tenant-reads": [ - "11987" + "11996" ], "x-ms-correlation-request-id": [ - "3988cfc3-30b2-4013-b76b-60073725664b" + "538a782e-742a-49df-8fec-abdb5c3f9b37" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213945Z:3988cfc3-30b2-4013-b76b-60073725664b" + "WESTUS2:20190116T193638Z:538a782e-742a-49df-8fec-abdb5c3f9b37" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -549,7 +732,7 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:39:45 GMT" + "Wed, 16 Jan 2019 19:36:38 GMT" ], "Content-Length": [ "110" @@ -592,16 +775,16 @@ "no-cache" ], "x-ms-request-id": [ - "westus2:b69213cb-6d97-4e2f-8857-8a6df441d0d8" + "westus2:2f5bc95b-4f03-4240-8ff7-12f4c7cd4e6c" ], "x-ms-ratelimit-remaining-subscription-reads": [ - "11984" + "11998" ], "x-ms-correlation-request-id": [ - "9b5b3731-291f-4451-ac32-823b94e3a538" + "ceab14fb-ad1b-488c-acc4-d5783720c885" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213945Z:9b5b3731-291f-4451-ac32-823b94e3a538" + "WESTUS2:20190116T193639Z:ceab14fb-ad1b-488c-acc4-d5783720c885" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -610,7 +793,7 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:39:45 GMT" + "Wed, 16 Jan 2019 19:36:38 GMT" ], "Content-Length": [ "110" @@ -628,6 +811,70 @@ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'someName' could not be found.\"\r\n }\r\n}", "StatusCode": 404 }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policydefinitions?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucz9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "IdParameterSet" + ], + "CommandName": [ + "Get-AzPolicyDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:4c66c236-68f9-432d-83ad-e98089c7202f" + ], + "x-ms-correlation-request-id": [ + "1d18aa61-f509-40a6-b8b9-9f4e5a08c4b0" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T193639Z:1d18aa61-f509-40a6-b8b9-9f4e5a08c4b0" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 19:36:39 GMT" + ], + "Content-Length": [ + "274088" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in IoT Hubs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Internet of Things\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Devices/IotHubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healty\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n }\r\n ]\r\n}", + "StatusCode": 200 + }, { "RequestUri": "/providers/Microsoft.Management/managementgroups/someManagementGroup/providers/Microsoft.Authorization/policydefinitions?api-version=2018-05-01", "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL3NvbWVNYW5hZ2VtZW50R3JvdXAvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeWRlZmluaXRpb25zP2FwaS12ZXJzaW9uPTIwMTgtMDUtMDE=", @@ -656,16 +903,16 @@ "Accept-Encoding" ], "x-ms-ratelimit-remaining-tenant-reads": [ - "11991" + "11995" ], "x-ms-request-id": [ - "westus2:7d4c2951-3e80-4a35-bd3e-d35a7fc5d0e3" + "westus2:95738f10-3591-4e9b-b1c1-b25875772da3" ], "x-ms-correlation-request-id": [ - "da3260f2-d526-402b-a128-6d1ed4e7d687" + "6de8e232-5565-40b4-89f6-a4b4f9a64391" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213946Z:da3260f2-d526-402b-a128-6d1ed4e7d687" + "WESTUS2:20190116T193644Z:6de8e232-5565-40b4-89f6-a4b4f9a64391" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -674,10 +921,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:39:45 GMT" + "Wed, 16 Jan 2019 19:36:44 GMT" ], "Content-Length": [ - "270715" + "274088" ], "Content-Type": [ "application/json; charset=utf-8" @@ -689,7 +936,7 @@ "0" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in IoT Hubs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Internet of Things\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Devices/IotHubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healty\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { @@ -720,16 +967,16 @@ "Accept-Encoding" ], "x-ms-ratelimit-remaining-tenant-reads": [ - "11994" + "11996" ], "x-ms-request-id": [ - "westus2:8f9dfe86-7d4e-4c01-b115-8801bc383d60" + "westus2:5345f7bb-ebec-4b23-9f17-933d1fab8d95" ], "x-ms-correlation-request-id": [ - "91e44884-93e6-43c0-8a3d-4bff07699b0d" + "acb4cee9-2328-48eb-80c1-ca35a8af6f78" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T214001Z:91e44884-93e6-43c0-8a3d-4bff07699b0d" + "WESTUS2:20190116T193650Z:acb4cee9-2328-48eb-80c1-ca35a8af6f78" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -738,10 +985,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:40:00 GMT" + "Wed, 16 Jan 2019 19:36:49 GMT" ], "Content-Length": [ - "270715" + "274088" ], "Content-Type": [ "application/json; charset=utf-8" @@ -753,7 +1000,7 @@ "0" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in IoT Hubs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Internet of Things\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Devices/IotHubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healty\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { @@ -784,16 +1031,16 @@ "Accept-Encoding" ], "x-ms-ratelimit-remaining-tenant-reads": [ - "11988" + "11998" ], "x-ms-request-id": [ - "westus2:a55ff907-062e-4aab-ac7b-6b2330a776b6" + "westus2:978f3d04-13ca-4b1a-b438-ee76ee0671f9" ], "x-ms-correlation-request-id": [ - "efd8f347-5b06-467d-8852-0bd9a7ac3ac9" + "97fe8a7f-815c-4410-8a4d-b4c09feb8f43" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T214017Z:efd8f347-5b06-467d-8852-0bd9a7ac3ac9" + "WESTUS2:20190116T193655Z:97fe8a7f-815c-4410-8a4d-b4c09feb8f43" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -802,10 +1049,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:40:16 GMT" + "Wed, 16 Jan 2019 19:36:54 GMT" ], "Content-Length": [ - "270715" + "274088" ], "Content-Type": [ "application/json; charset=utf-8" @@ -817,7 +1064,7 @@ "0" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in IoT Hubs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Internet of Things\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Devices/IotHubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healty\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n }\r\n ]\r\n}", "StatusCode": 200 } ], diff --git a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestGetPolicySetDefinitionParameters.json b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestGetPolicySetDefinitionParameters.json index 97ae12ff2084..058ff9cae1e6 100644 --- a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestGetPolicySetDefinitionParameters.json +++ b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestGetPolicySetDefinitionParameters.json @@ -28,16 +28,16 @@ "Accept-Encoding" ], "x-ms-request-id": [ - "westus2:3c8df9a3-aec6-48c1-b1b7-6f884767203b" + "westus2:4bd7f03c-3133-47ef-9f41-a0258cc478fd" ], "x-ms-ratelimit-remaining-subscription-reads": [ - "11995" + "11971" ], "x-ms-correlation-request-id": [ - "21001713-bbfd-4391-8ac4-582f99a30459" + "d141b875-fefb-4037-bd35-ada16365a3da" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213600Z:21001713-bbfd-4391-8ac4-582f99a30459" + "WESTUS2:20190116T193614Z:d141b875-fefb-4037-bd35-ada16365a3da" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -46,10 +46,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:36:00 GMT" + "Wed, 16 Jan 2019 19:36:14 GMT" ], "Content-Length": [ - "91044" + "93897" ], "Content-Type": [ "application/json; charset=utf-8" @@ -61,7 +61,7 @@ "0" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteComplete\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteCompleteEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce VM Port Lockdown\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Enforces that specific port ranges have access restricted to either CorpNet or SAW (depending on source IP range chosen during assignment)\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\",\r\n \"parameterScopes\": {\r\n \"access\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"SOURCEADDRESSPREFIXES_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"5930870351761903477\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389\",\r\n \"3389-3390\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"14554220312663270802\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"5986\",\r\n \"5985\",\r\n \"5985-5986\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"9245329265770241913\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"22\",\r\n \"22-22\",\r\n \"22-23\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"17233112498738905251\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"23\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"11847028610508251009\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"1433\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5782128531867937477\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"445\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6932989581576954984\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"135\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"797444469315623872\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389\",\r\n \"3389-3390\",\r\n \"5986\",\r\n \"5985\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"22-22\",\r\n \"22-23\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6167651208609008778\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5487397055645750292\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389-3390\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5721159336579598604\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389-3390\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n },\r\n \"priority\": {\r\n \"value\": \"3997\"\r\n },\r\n \"access\": {\r\n \"value\": \"Allow\"\r\n },\r\n \"name\": {\r\n \"value\": \"PortLockdown_ControlledPorts_Restrict\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"783328307102833297\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": [\r\n \"VirtualNetwork\"\r\n ]\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389-3390\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n },\r\n \"priority\": {\r\n \"value\": \"3998\"\r\n },\r\n \"access\": {\r\n \"value\": \"Allow\"\r\n },\r\n \"name\": {\r\n \"value\": \"PortLockdown_ControlledPorts_AllowVnet\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13264874163570265928\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": [\r\n \"*\"\r\n ]\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389-3390\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n },\r\n \"priority\": {\r\n \"value\": \"3999\"\r\n },\r\n \"access\": {\r\n \"value\": \"Deny\"\r\n },\r\n \"name\": {\r\n \"value\": \"PortLockdown_ControlledPorts_Deny\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"10868451132156218171\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": [\r\n \"*\"\r\n ]\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"*\"\r\n ]\r\n },\r\n \"priority\": {\r\n \"value\": \"4000\"\r\n },\r\n \"access\": {\r\n \"value\": \"Allow\"\r\n },\r\n \"name\": {\r\n \"value\": \"PortLockdown_AllowAll\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7115\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"20c4afd0-8a77-4433-b8b0-4ad06e4c7115\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cosmosdb new aliases test\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"5701618597132748228\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"9148562625737659571\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1317257300482699336\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"636235743263978372\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6540762518326135304\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"16237668974108817340\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/37501145-d01b-4bc8-92d0-c795a19fd164\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd164\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative containing some definitions with deployIfNotExists effect\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"3301615874834833614\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8044870099827093134\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/471eddb2-9421-4b81-8a25-3a0b849544dd\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"471eddb2-9421-4b81-8a25-3a0b849544dd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative with all DeployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This initiative does the following:\\nDeploy log analytics agent for windows VMs if the VM image is in the list.\\nDeploy dependency agent for windows VMs if the VM image is in the list.\\nDeploy VM extension for Microsoft Guest configuration.\\nDeploy threat detection on SQL servers.\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"10987062065622974413\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourcegroups/robgatestworkspace/providers/microsoft.operationalinsights/workspaces/robgatestworkspace\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"10737899326468628454\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1633155469258918721\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"3301615874834833614\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/61d6052b-cfd5-4ba4-bde7-8301ffb715b2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"61d6052b-cfd5-4ba4-bde7-8301ffb715b2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6346022531429970426\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgatestinitmultiparam\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"TAGNAME_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name1\"\r\n }\r\n },\r\n \"TAGVALUE_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value1\"\r\n }\r\n },\r\n \"TAGNAME_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name2\"\r\n }\r\n },\r\n \"TAGVALUE_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"7154720483946859542\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_1')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"14987881155449304382\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_2')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/73933cd4-bc06-4e14-8166-3a7109eca21b\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"73933cd4-bc06-4e14-8166-3a7109eca21b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed set\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFALLOWEDSKUS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n },\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"8962248944013962433\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"value\": \"[parameters('LISTOFALLOWEDSKUS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/762007ec-c5ba-41ae-a52d-db0834bea096\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"762007ec-c5ba-41ae-a52d-db0834bea096\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"TestAdditionalResourceType\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4146325350290724164\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Sql/servers/firewallRules\",\r\n \"TrendMicro.DeepSecurity/listCommunicationPreference\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/80894954-5ae1-4391-975d-630e5586d07a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"80894954-5ae1-4391-975d-630e5586d07a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim rt group set\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"1\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"ALLOWEDTYPES_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": null,\r\n \"strongType\": \"resourceTypes\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.EventGrid/domains\",\r\n \"Microsoft.EventGrid/domains/topics\",\r\n \"Microsoft.EventGrid/locations\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"18341726042324576950\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Cdn/checkNameAvailability\",\r\n \"Microsoft.Cdn/checkResourceUsage\",\r\n \"Microsoft.Cdn/profiles\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1359233886895761531\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"value\": \"[parameters('ALLOWEDTYPES_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/82d42e20-f682-48dc-95b1-144f0963f0c1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"82d42e20-f682-48dc-95b1-144f0963f0c1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"tags\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9736595915162791837\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t1\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t1v\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5376449293497609056\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t2\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t2v\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/875cf75e-49c3-47f8-ab8d-89ba3d2311a0\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"875cf75e-49c3-47f8-ab8d-89ba3d2311a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ComplianceTestInitiative\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Compliance test initiative \",\r\n \"metadata\": {\r\n \"category\": \"Compliance test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4047897157028507992\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"4859121137597195236\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"centralus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8935913113203900114\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus2\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/a03db67e-a286-43c3-9098-b2da83d361ad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"a03db67e-a286-43c3-9098-b2da83d361ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Azure monitor\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"3178424317310892118\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"4272332260627975108\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/cd5cafc8-25f1-443b-a0d5-a37d8cb782cf\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"cd5cafc8-25f1-443b-a0d5-a37d8cb782cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test_sandipsh123\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/db6c5074-a529-4cc8-8882-43f10ef42002\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"db6c5074-a529-4cc8-8882-43f10ef42002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MuratTest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"murat\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ersan\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"testupdate\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ignite\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Initiative with my parameterized effect policy\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"EFFECT_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Initiative effect\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"16025301204423402856\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"audit\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"15232055014610564026\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('EFFECT_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e6884163-54c6-4f5e-9570-9e4cbd95b078\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e6884163-54c6-4f5e-9570-9e4cbd95b078\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative with parameterized deployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"parameterScopes\": {\r\n \"namePattern\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"EFFECT_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"7548235847093577126\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[parameters('EFFECT_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"94784994378515624\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign\",\r\n \"parameters\": {\r\n \"namePattern\": {\r\n \"value\": \"one\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/fbcd550f-aeec-40fc-b92f-96aece1f50cd\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"fbcd550f-aeec-40fc-b92f-96aece1f50cd\"\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in IoT Hubs\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in IoT Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in IoT Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInIoTHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Azure Monitor\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains many policies with DeployIfNotExists effect with assignPermissions set at the parameter at the individual policy definition level.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_2\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4755676876307240960\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13418251844728914181\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"12068070188350812865\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8310573323379365078\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"560174196401503668\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"7752708915834271964\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/2476fb6f-011e-4bc4-9d07-ba137949735d\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"2476fb6f-011e-4bc4-9d07-ba137949735d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : No DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains no policies with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFIMAGEIDTOINCLUDE_WINDOWS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_LINUX_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"492067171675640903\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"2492943854376579140\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/351907c4-cd47-4e63-8246-c591645a58d6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"351907c4-cd47-4e63-8246-c591645a58d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cosmosdb new aliases test\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"5701618597132748228\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"9148562625737659571\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1317257300482699336\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"636235743263978372\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6540762518326135304\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"16237668974108817340\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/37501145-d01b-4bc8-92d0-c795a19fd164\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd164\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative containing some definitions with deployIfNotExists effect\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"3301615874834833614\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8044870099827093134\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/471eddb2-9421-4b81-8a25-3a0b849544dd\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"471eddb2-9421-4b81-8a25-3a0b849544dd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6346022531429970426\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgatestinitmultiparam\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"TAGNAME_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name1\"\r\n }\r\n },\r\n \"TAGVALUE_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value1\"\r\n }\r\n },\r\n \"TAGNAME_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name2\"\r\n }\r\n },\r\n \"TAGVALUE_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"7154720483946859542\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_1')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"14987881155449304382\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_2')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/73933cd4-bc06-4e14-8166-3a7109eca21b\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"73933cd4-bc06-4e14-8166-3a7109eca21b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : One DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains one policy with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n },\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": null,\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_WINDOWS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_LINUX_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"12822089530504669560\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"492067171675640903\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"2492943854376579140\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/74016c36-0a9a-436a-8436-291d54eab1a2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"74016c36-0a9a-436a-8436-291d54eab1a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed set\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFALLOWEDSKUS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n },\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"8962248944013962433\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"value\": \"[parameters('LISTOFALLOWEDSKUS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/762007ec-c5ba-41ae-a52d-db0834bea096\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"762007ec-c5ba-41ae-a52d-db0834bea096\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"TestAdditionalResourceType\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4146325350290724164\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Sql/servers/firewallRules\",\r\n \"TrendMicro.DeepSecurity/listCommunicationPreference\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/80894954-5ae1-4391-975d-630e5586d07a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"80894954-5ae1-4391-975d-630e5586d07a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim rt group set\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"1\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"ALLOWEDTYPES_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": null,\r\n \"strongType\": \"resourceTypes\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.EventGrid/domains\",\r\n \"Microsoft.EventGrid/domains/topics\",\r\n \"Microsoft.EventGrid/locations\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"18341726042324576950\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Cdn/checkNameAvailability\",\r\n \"Microsoft.Cdn/checkResourceUsage\",\r\n \"Microsoft.Cdn/profiles\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1359233886895761531\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"value\": \"[parameters('ALLOWEDTYPES_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/82d42e20-f682-48dc-95b1-144f0963f0c1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"82d42e20-f682-48dc-95b1-144f0963f0c1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"tags\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9736595915162791837\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t1\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t1v\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5376449293497609056\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t2\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t2v\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/875cf75e-49c3-47f8-ab8d-89ba3d2311a0\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"875cf75e-49c3-47f8-ab8d-89ba3d2311a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ComplianceTestInitiative\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Compliance test initiative \",\r\n \"metadata\": {\r\n \"category\": \"Compliance test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4047897157028507992\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"4859121137597195236\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"centralus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8935913113203900114\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus2\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/a03db67e-a286-43c3-9098-b2da83d361ad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"a03db67e-a286-43c3-9098-b2da83d361ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : DINE mulitple policies with no role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"storageAccountsResourceGroup\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"661064339838764944\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"parameters\": {\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"rohitbhtest\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/b03bf722-f2a8-4a84-8af6-f43b28b5a917\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"b03bf722-f2a8-4a84-8af6-f43b28b5a917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaparamtest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/c020e9eb-47d4-434a-8627-e202808ed117\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c020e9eb-47d4-434a-8627-e202808ed117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Many DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains many policies with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": null,\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_2\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4755676876307240960\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13418251844728914181\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"12068070188350812865\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8310573323379365078\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"560174196401503668\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"7752708915834271964\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/da84593c-b133-40c2-8524-c79fd38e7450\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7450\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test_sandipsh123\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/db6c5074-a529-4cc8-8882-43f10ef42002\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"db6c5074-a529-4cc8-8882-43f10ef42002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MuratTest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"murat\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ersan\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"testupdate\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ignite\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Initiative with my parameterized effect policy\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"EFFECT_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Initiative effect\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"16025301204423402856\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"audit\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"15232055014610564026\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('EFFECT_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e6884163-54c6-4f5e-9570-9e4cbd95b078\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e6884163-54c6-4f5e-9570-9e4cbd95b078\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6782502132987446742\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9867\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/ps3866\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"ps3866\"\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { @@ -92,16 +92,16 @@ "Accept-Encoding" ], "x-ms-request-id": [ - "westus2:8c226020-e7fd-4d6a-9e06-dc94c8109c6a" + "westus2:dc65d49b-6655-44b0-9673-22e3392d4323" ], "x-ms-ratelimit-remaining-subscription-reads": [ - "11996" + "11999" ], "x-ms-correlation-request-id": [ - "973102b2-579d-4b2b-8d63-d2df664a95e3" + "50fd539d-6f24-4e12-8f08-8644508edfa7" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213603Z:973102b2-579d-4b2b-8d63-d2df664a95e3" + "WESTUS2:20190116T193619Z:50fd539d-6f24-4e12-8f08-8644508edfa7" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -110,10 +110,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:36:03 GMT" + "Wed, 16 Jan 2019 19:36:18 GMT" ], "Content-Length": [ - "91044" + "93897" ], "Content-Type": [ "application/json; charset=utf-8" @@ -125,7 +125,7 @@ "0" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteComplete\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteCompleteEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce VM Port Lockdown\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Enforces that specific port ranges have access restricted to either CorpNet or SAW (depending on source IP range chosen during assignment)\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\",\r\n \"parameterScopes\": {\r\n \"access\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"SOURCEADDRESSPREFIXES_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"5930870351761903477\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389\",\r\n \"3389-3390\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"14554220312663270802\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"5986\",\r\n \"5985\",\r\n \"5985-5986\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"9245329265770241913\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"22\",\r\n \"22-22\",\r\n \"22-23\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"17233112498738905251\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"23\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"11847028610508251009\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"1433\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5782128531867937477\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"445\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6932989581576954984\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"135\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"797444469315623872\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389\",\r\n \"3389-3390\",\r\n \"5986\",\r\n \"5985\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"22-22\",\r\n \"22-23\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6167651208609008778\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5487397055645750292\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389-3390\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5721159336579598604\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389-3390\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n },\r\n \"priority\": {\r\n \"value\": \"3997\"\r\n },\r\n \"access\": {\r\n \"value\": \"Allow\"\r\n },\r\n \"name\": {\r\n \"value\": \"PortLockdown_ControlledPorts_Restrict\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"783328307102833297\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": [\r\n \"VirtualNetwork\"\r\n ]\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389-3390\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n },\r\n \"priority\": {\r\n \"value\": \"3998\"\r\n },\r\n \"access\": {\r\n \"value\": \"Allow\"\r\n },\r\n \"name\": {\r\n \"value\": \"PortLockdown_ControlledPorts_AllowVnet\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13264874163570265928\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": [\r\n \"*\"\r\n ]\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389-3390\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n },\r\n \"priority\": {\r\n \"value\": \"3999\"\r\n },\r\n \"access\": {\r\n \"value\": \"Deny\"\r\n },\r\n \"name\": {\r\n \"value\": \"PortLockdown_ControlledPorts_Deny\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"10868451132156218171\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": [\r\n \"*\"\r\n ]\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"*\"\r\n ]\r\n },\r\n \"priority\": {\r\n \"value\": \"4000\"\r\n },\r\n \"access\": {\r\n \"value\": \"Allow\"\r\n },\r\n \"name\": {\r\n \"value\": \"PortLockdown_AllowAll\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7115\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"20c4afd0-8a77-4433-b8b0-4ad06e4c7115\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cosmosdb new aliases test\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"5701618597132748228\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"9148562625737659571\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1317257300482699336\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"636235743263978372\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6540762518326135304\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"16237668974108817340\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/37501145-d01b-4bc8-92d0-c795a19fd164\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd164\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative containing some definitions with deployIfNotExists effect\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"3301615874834833614\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8044870099827093134\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/471eddb2-9421-4b81-8a25-3a0b849544dd\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"471eddb2-9421-4b81-8a25-3a0b849544dd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative with all DeployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This initiative does the following:\\nDeploy log analytics agent for windows VMs if the VM image is in the list.\\nDeploy dependency agent for windows VMs if the VM image is in the list.\\nDeploy VM extension for Microsoft Guest configuration.\\nDeploy threat detection on SQL servers.\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"10987062065622974413\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourcegroups/robgatestworkspace/providers/microsoft.operationalinsights/workspaces/robgatestworkspace\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"10737899326468628454\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1633155469258918721\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"3301615874834833614\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/61d6052b-cfd5-4ba4-bde7-8301ffb715b2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"61d6052b-cfd5-4ba4-bde7-8301ffb715b2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6346022531429970426\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgatestinitmultiparam\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"TAGNAME_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name1\"\r\n }\r\n },\r\n \"TAGVALUE_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value1\"\r\n }\r\n },\r\n \"TAGNAME_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name2\"\r\n }\r\n },\r\n \"TAGVALUE_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"7154720483946859542\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_1')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"14987881155449304382\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_2')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/73933cd4-bc06-4e14-8166-3a7109eca21b\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"73933cd4-bc06-4e14-8166-3a7109eca21b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed set\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFALLOWEDSKUS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n },\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"8962248944013962433\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"value\": \"[parameters('LISTOFALLOWEDSKUS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/762007ec-c5ba-41ae-a52d-db0834bea096\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"762007ec-c5ba-41ae-a52d-db0834bea096\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"TestAdditionalResourceType\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4146325350290724164\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Sql/servers/firewallRules\",\r\n \"TrendMicro.DeepSecurity/listCommunicationPreference\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/80894954-5ae1-4391-975d-630e5586d07a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"80894954-5ae1-4391-975d-630e5586d07a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim rt group set\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"1\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"ALLOWEDTYPES_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": null,\r\n \"strongType\": \"resourceTypes\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.EventGrid/domains\",\r\n \"Microsoft.EventGrid/domains/topics\",\r\n \"Microsoft.EventGrid/locations\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"18341726042324576950\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Cdn/checkNameAvailability\",\r\n \"Microsoft.Cdn/checkResourceUsage\",\r\n \"Microsoft.Cdn/profiles\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1359233886895761531\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"value\": \"[parameters('ALLOWEDTYPES_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/82d42e20-f682-48dc-95b1-144f0963f0c1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"82d42e20-f682-48dc-95b1-144f0963f0c1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"tags\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9736595915162791837\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t1\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t1v\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5376449293497609056\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t2\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t2v\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/875cf75e-49c3-47f8-ab8d-89ba3d2311a0\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"875cf75e-49c3-47f8-ab8d-89ba3d2311a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ComplianceTestInitiative\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Compliance test initiative \",\r\n \"metadata\": {\r\n \"category\": \"Compliance test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4047897157028507992\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"4859121137597195236\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"centralus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8935913113203900114\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus2\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/a03db67e-a286-43c3-9098-b2da83d361ad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"a03db67e-a286-43c3-9098-b2da83d361ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Azure monitor\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"3178424317310892118\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"4272332260627975108\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/cd5cafc8-25f1-443b-a0d5-a37d8cb782cf\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"cd5cafc8-25f1-443b-a0d5-a37d8cb782cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test_sandipsh123\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/db6c5074-a529-4cc8-8882-43f10ef42002\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"db6c5074-a529-4cc8-8882-43f10ef42002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MuratTest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"murat\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ersan\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"testupdate\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ignite\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Initiative with my parameterized effect policy\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"EFFECT_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Initiative effect\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"16025301204423402856\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"audit\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"15232055014610564026\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('EFFECT_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e6884163-54c6-4f5e-9570-9e4cbd95b078\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e6884163-54c6-4f5e-9570-9e4cbd95b078\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative with parameterized deployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"parameterScopes\": {\r\n \"namePattern\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"EFFECT_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"7548235847093577126\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[parameters('EFFECT_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"94784994378515624\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign\",\r\n \"parameters\": {\r\n \"namePattern\": {\r\n \"value\": \"one\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/fbcd550f-aeec-40fc-b92f-96aece1f50cd\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"fbcd550f-aeec-40fc-b92f-96aece1f50cd\"\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in IoT Hubs\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in IoT Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in IoT Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInIoTHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Azure Monitor\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains many policies with DeployIfNotExists effect with assignPermissions set at the parameter at the individual policy definition level.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_2\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4755676876307240960\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13418251844728914181\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"12068070188350812865\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8310573323379365078\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"560174196401503668\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"7752708915834271964\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/2476fb6f-011e-4bc4-9d07-ba137949735d\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"2476fb6f-011e-4bc4-9d07-ba137949735d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : No DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains no policies with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFIMAGEIDTOINCLUDE_WINDOWS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_LINUX_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"492067171675640903\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"2492943854376579140\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/351907c4-cd47-4e63-8246-c591645a58d6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"351907c4-cd47-4e63-8246-c591645a58d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cosmosdb new aliases test\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"5701618597132748228\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"9148562625737659571\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1317257300482699336\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"636235743263978372\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6540762518326135304\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"16237668974108817340\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/37501145-d01b-4bc8-92d0-c795a19fd164\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd164\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative containing some definitions with deployIfNotExists effect\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"3301615874834833614\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8044870099827093134\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/471eddb2-9421-4b81-8a25-3a0b849544dd\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"471eddb2-9421-4b81-8a25-3a0b849544dd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6346022531429970426\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgatestinitmultiparam\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"TAGNAME_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name1\"\r\n }\r\n },\r\n \"TAGVALUE_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value1\"\r\n }\r\n },\r\n \"TAGNAME_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name2\"\r\n }\r\n },\r\n \"TAGVALUE_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"7154720483946859542\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_1')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"14987881155449304382\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_2')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/73933cd4-bc06-4e14-8166-3a7109eca21b\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"73933cd4-bc06-4e14-8166-3a7109eca21b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : One DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains one policy with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n },\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": null,\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_WINDOWS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_LINUX_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"12822089530504669560\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"492067171675640903\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"2492943854376579140\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/74016c36-0a9a-436a-8436-291d54eab1a2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"74016c36-0a9a-436a-8436-291d54eab1a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed set\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFALLOWEDSKUS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n },\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"8962248944013962433\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"value\": \"[parameters('LISTOFALLOWEDSKUS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/762007ec-c5ba-41ae-a52d-db0834bea096\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"762007ec-c5ba-41ae-a52d-db0834bea096\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"TestAdditionalResourceType\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4146325350290724164\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Sql/servers/firewallRules\",\r\n \"TrendMicro.DeepSecurity/listCommunicationPreference\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/80894954-5ae1-4391-975d-630e5586d07a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"80894954-5ae1-4391-975d-630e5586d07a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim rt group set\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"1\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"ALLOWEDTYPES_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": null,\r\n \"strongType\": \"resourceTypes\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.EventGrid/domains\",\r\n \"Microsoft.EventGrid/domains/topics\",\r\n \"Microsoft.EventGrid/locations\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"18341726042324576950\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Cdn/checkNameAvailability\",\r\n \"Microsoft.Cdn/checkResourceUsage\",\r\n \"Microsoft.Cdn/profiles\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1359233886895761531\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"value\": \"[parameters('ALLOWEDTYPES_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/82d42e20-f682-48dc-95b1-144f0963f0c1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"82d42e20-f682-48dc-95b1-144f0963f0c1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"tags\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9736595915162791837\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t1\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t1v\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5376449293497609056\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t2\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t2v\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/875cf75e-49c3-47f8-ab8d-89ba3d2311a0\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"875cf75e-49c3-47f8-ab8d-89ba3d2311a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ComplianceTestInitiative\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Compliance test initiative \",\r\n \"metadata\": {\r\n \"category\": \"Compliance test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4047897157028507992\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"4859121137597195236\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"centralus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8935913113203900114\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus2\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/a03db67e-a286-43c3-9098-b2da83d361ad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"a03db67e-a286-43c3-9098-b2da83d361ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : DINE mulitple policies with no role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"storageAccountsResourceGroup\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"661064339838764944\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"parameters\": {\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"rohitbhtest\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/b03bf722-f2a8-4a84-8af6-f43b28b5a917\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"b03bf722-f2a8-4a84-8af6-f43b28b5a917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaparamtest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/c020e9eb-47d4-434a-8627-e202808ed117\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c020e9eb-47d4-434a-8627-e202808ed117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Many DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains many policies with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": null,\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_2\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4755676876307240960\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13418251844728914181\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"12068070188350812865\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8310573323379365078\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"560174196401503668\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"7752708915834271964\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/da84593c-b133-40c2-8524-c79fd38e7450\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7450\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test_sandipsh123\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/db6c5074-a529-4cc8-8882-43f10ef42002\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"db6c5074-a529-4cc8-8882-43f10ef42002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MuratTest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"murat\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ersan\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"testupdate\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ignite\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Initiative with my parameterized effect policy\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"EFFECT_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Initiative effect\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"16025301204423402856\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"audit\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"15232055014610564026\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('EFFECT_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e6884163-54c6-4f5e-9570-9e4cbd95b078\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e6884163-54c6-4f5e-9570-9e4cbd95b078\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6782502132987446742\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9867\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/ps3866\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"ps3866\"\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { @@ -156,16 +156,16 @@ "Accept-Encoding" ], "x-ms-request-id": [ - "westus2:31a5077b-b0c3-4181-8c42-aba69e717e17" + "westus2:76ae84e7-ce1e-4b9b-88ad-ed8e3a75a5f9" ], "x-ms-ratelimit-remaining-subscription-reads": [ - "11993" + "11997" ], "x-ms-correlation-request-id": [ - "94361513-4d2b-4c06-b50f-b86c1b3e20db" + "fe6f48a4-118f-47f5-9d5c-30cdaa2481fe" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213604Z:94361513-4d2b-4c06-b50f-b86c1b3e20db" + "WESTUS2:20190116T193619Z:fe6f48a4-118f-47f5-9d5c-30cdaa2481fe" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -174,10 +174,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:36:04 GMT" + "Wed, 16 Jan 2019 19:36:19 GMT" ], "Content-Length": [ - "91044" + "93897" ], "Content-Type": [ "application/json; charset=utf-8" @@ -189,7 +189,7 @@ "0" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteComplete\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteCompleteEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce VM Port Lockdown\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Enforces that specific port ranges have access restricted to either CorpNet or SAW (depending on source IP range chosen during assignment)\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\",\r\n \"parameterScopes\": {\r\n \"access\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"SOURCEADDRESSPREFIXES_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"5930870351761903477\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389\",\r\n \"3389-3390\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"14554220312663270802\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"5986\",\r\n \"5985\",\r\n \"5985-5986\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"9245329265770241913\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"22\",\r\n \"22-22\",\r\n \"22-23\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"17233112498738905251\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"23\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"11847028610508251009\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"1433\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5782128531867937477\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"445\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6932989581576954984\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"135\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"797444469315623872\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389\",\r\n \"3389-3390\",\r\n \"5986\",\r\n \"5985\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"22-22\",\r\n \"22-23\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6167651208609008778\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5487397055645750292\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389-3390\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5721159336579598604\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389-3390\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n },\r\n \"priority\": {\r\n \"value\": \"3997\"\r\n },\r\n \"access\": {\r\n \"value\": \"Allow\"\r\n },\r\n \"name\": {\r\n \"value\": \"PortLockdown_ControlledPorts_Restrict\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"783328307102833297\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": [\r\n \"VirtualNetwork\"\r\n ]\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389-3390\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n },\r\n \"priority\": {\r\n \"value\": \"3998\"\r\n },\r\n \"access\": {\r\n \"value\": \"Allow\"\r\n },\r\n \"name\": {\r\n \"value\": \"PortLockdown_ControlledPorts_AllowVnet\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13264874163570265928\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": [\r\n \"*\"\r\n ]\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389-3390\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n },\r\n \"priority\": {\r\n \"value\": \"3999\"\r\n },\r\n \"access\": {\r\n \"value\": \"Deny\"\r\n },\r\n \"name\": {\r\n \"value\": \"PortLockdown_ControlledPorts_Deny\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"10868451132156218171\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": [\r\n \"*\"\r\n ]\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"*\"\r\n ]\r\n },\r\n \"priority\": {\r\n \"value\": \"4000\"\r\n },\r\n \"access\": {\r\n \"value\": \"Allow\"\r\n },\r\n \"name\": {\r\n \"value\": \"PortLockdown_AllowAll\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7115\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"20c4afd0-8a77-4433-b8b0-4ad06e4c7115\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cosmosdb new aliases test\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"5701618597132748228\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"9148562625737659571\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1317257300482699336\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"636235743263978372\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6540762518326135304\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"16237668974108817340\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/37501145-d01b-4bc8-92d0-c795a19fd164\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd164\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative containing some definitions with deployIfNotExists effect\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"3301615874834833614\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8044870099827093134\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/471eddb2-9421-4b81-8a25-3a0b849544dd\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"471eddb2-9421-4b81-8a25-3a0b849544dd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative with all DeployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This initiative does the following:\\nDeploy log analytics agent for windows VMs if the VM image is in the list.\\nDeploy dependency agent for windows VMs if the VM image is in the list.\\nDeploy VM extension for Microsoft Guest configuration.\\nDeploy threat detection on SQL servers.\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"10987062065622974413\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourcegroups/robgatestworkspace/providers/microsoft.operationalinsights/workspaces/robgatestworkspace\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"10737899326468628454\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1633155469258918721\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"3301615874834833614\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/61d6052b-cfd5-4ba4-bde7-8301ffb715b2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"61d6052b-cfd5-4ba4-bde7-8301ffb715b2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6346022531429970426\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgatestinitmultiparam\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"TAGNAME_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name1\"\r\n }\r\n },\r\n \"TAGVALUE_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value1\"\r\n }\r\n },\r\n \"TAGNAME_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name2\"\r\n }\r\n },\r\n \"TAGVALUE_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"7154720483946859542\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_1')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"14987881155449304382\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_2')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/73933cd4-bc06-4e14-8166-3a7109eca21b\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"73933cd4-bc06-4e14-8166-3a7109eca21b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed set\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFALLOWEDSKUS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n },\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"8962248944013962433\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"value\": \"[parameters('LISTOFALLOWEDSKUS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/762007ec-c5ba-41ae-a52d-db0834bea096\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"762007ec-c5ba-41ae-a52d-db0834bea096\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"TestAdditionalResourceType\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4146325350290724164\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Sql/servers/firewallRules\",\r\n \"TrendMicro.DeepSecurity/listCommunicationPreference\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/80894954-5ae1-4391-975d-630e5586d07a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"80894954-5ae1-4391-975d-630e5586d07a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim rt group set\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"1\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"ALLOWEDTYPES_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": null,\r\n \"strongType\": \"resourceTypes\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.EventGrid/domains\",\r\n \"Microsoft.EventGrid/domains/topics\",\r\n \"Microsoft.EventGrid/locations\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"18341726042324576950\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Cdn/checkNameAvailability\",\r\n \"Microsoft.Cdn/checkResourceUsage\",\r\n \"Microsoft.Cdn/profiles\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1359233886895761531\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"value\": \"[parameters('ALLOWEDTYPES_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/82d42e20-f682-48dc-95b1-144f0963f0c1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"82d42e20-f682-48dc-95b1-144f0963f0c1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"tags\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9736595915162791837\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t1\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t1v\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5376449293497609056\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t2\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t2v\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/875cf75e-49c3-47f8-ab8d-89ba3d2311a0\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"875cf75e-49c3-47f8-ab8d-89ba3d2311a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ComplianceTestInitiative\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Compliance test initiative \",\r\n \"metadata\": {\r\n \"category\": \"Compliance test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4047897157028507992\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"4859121137597195236\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"centralus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8935913113203900114\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus2\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/a03db67e-a286-43c3-9098-b2da83d361ad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"a03db67e-a286-43c3-9098-b2da83d361ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Azure monitor\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"3178424317310892118\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"4272332260627975108\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/cd5cafc8-25f1-443b-a0d5-a37d8cb782cf\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"cd5cafc8-25f1-443b-a0d5-a37d8cb782cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test_sandipsh123\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/db6c5074-a529-4cc8-8882-43f10ef42002\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"db6c5074-a529-4cc8-8882-43f10ef42002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MuratTest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"murat\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ersan\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"testupdate\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ignite\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Initiative with my parameterized effect policy\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"EFFECT_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Initiative effect\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"16025301204423402856\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"audit\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"15232055014610564026\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('EFFECT_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e6884163-54c6-4f5e-9570-9e4cbd95b078\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e6884163-54c6-4f5e-9570-9e4cbd95b078\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative with parameterized deployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"parameterScopes\": {\r\n \"namePattern\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"EFFECT_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"7548235847093577126\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[parameters('EFFECT_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"94784994378515624\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign\",\r\n \"parameters\": {\r\n \"namePattern\": {\r\n \"value\": \"one\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/fbcd550f-aeec-40fc-b92f-96aece1f50cd\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"fbcd550f-aeec-40fc-b92f-96aece1f50cd\"\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in IoT Hubs\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in IoT Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in IoT Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInIoTHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Azure Monitor\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains many policies with DeployIfNotExists effect with assignPermissions set at the parameter at the individual policy definition level.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_2\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4755676876307240960\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13418251844728914181\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"12068070188350812865\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8310573323379365078\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"560174196401503668\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"7752708915834271964\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/2476fb6f-011e-4bc4-9d07-ba137949735d\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"2476fb6f-011e-4bc4-9d07-ba137949735d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : No DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains no policies with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFIMAGEIDTOINCLUDE_WINDOWS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_LINUX_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"492067171675640903\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"2492943854376579140\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/351907c4-cd47-4e63-8246-c591645a58d6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"351907c4-cd47-4e63-8246-c591645a58d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cosmosdb new aliases test\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"5701618597132748228\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"9148562625737659571\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1317257300482699336\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"636235743263978372\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6540762518326135304\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"16237668974108817340\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/37501145-d01b-4bc8-92d0-c795a19fd164\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd164\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative containing some definitions with deployIfNotExists effect\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"3301615874834833614\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8044870099827093134\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/471eddb2-9421-4b81-8a25-3a0b849544dd\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"471eddb2-9421-4b81-8a25-3a0b849544dd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6346022531429970426\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgatestinitmultiparam\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"TAGNAME_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name1\"\r\n }\r\n },\r\n \"TAGVALUE_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value1\"\r\n }\r\n },\r\n \"TAGNAME_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name2\"\r\n }\r\n },\r\n \"TAGVALUE_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"7154720483946859542\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_1')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"14987881155449304382\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_2')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/73933cd4-bc06-4e14-8166-3a7109eca21b\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"73933cd4-bc06-4e14-8166-3a7109eca21b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : One DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains one policy with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n },\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": null,\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_WINDOWS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_LINUX_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"12822089530504669560\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"492067171675640903\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"2492943854376579140\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/74016c36-0a9a-436a-8436-291d54eab1a2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"74016c36-0a9a-436a-8436-291d54eab1a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed set\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFALLOWEDSKUS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n },\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"8962248944013962433\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"value\": \"[parameters('LISTOFALLOWEDSKUS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/762007ec-c5ba-41ae-a52d-db0834bea096\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"762007ec-c5ba-41ae-a52d-db0834bea096\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"TestAdditionalResourceType\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4146325350290724164\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Sql/servers/firewallRules\",\r\n \"TrendMicro.DeepSecurity/listCommunicationPreference\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/80894954-5ae1-4391-975d-630e5586d07a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"80894954-5ae1-4391-975d-630e5586d07a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim rt group set\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"1\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"ALLOWEDTYPES_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": null,\r\n \"strongType\": \"resourceTypes\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.EventGrid/domains\",\r\n \"Microsoft.EventGrid/domains/topics\",\r\n \"Microsoft.EventGrid/locations\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"18341726042324576950\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Cdn/checkNameAvailability\",\r\n \"Microsoft.Cdn/checkResourceUsage\",\r\n \"Microsoft.Cdn/profiles\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1359233886895761531\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"value\": \"[parameters('ALLOWEDTYPES_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/82d42e20-f682-48dc-95b1-144f0963f0c1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"82d42e20-f682-48dc-95b1-144f0963f0c1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"tags\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9736595915162791837\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t1\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t1v\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5376449293497609056\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t2\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t2v\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/875cf75e-49c3-47f8-ab8d-89ba3d2311a0\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"875cf75e-49c3-47f8-ab8d-89ba3d2311a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ComplianceTestInitiative\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Compliance test initiative \",\r\n \"metadata\": {\r\n \"category\": \"Compliance test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4047897157028507992\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"4859121137597195236\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"centralus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8935913113203900114\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus2\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/a03db67e-a286-43c3-9098-b2da83d361ad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"a03db67e-a286-43c3-9098-b2da83d361ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : DINE mulitple policies with no role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"storageAccountsResourceGroup\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"661064339838764944\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"parameters\": {\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"rohitbhtest\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/b03bf722-f2a8-4a84-8af6-f43b28b5a917\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"b03bf722-f2a8-4a84-8af6-f43b28b5a917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaparamtest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/c020e9eb-47d4-434a-8627-e202808ed117\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c020e9eb-47d4-434a-8627-e202808ed117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Many DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains many policies with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": null,\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_2\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4755676876307240960\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13418251844728914181\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"12068070188350812865\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8310573323379365078\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"560174196401503668\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"7752708915834271964\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/da84593c-b133-40c2-8524-c79fd38e7450\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7450\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test_sandipsh123\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/db6c5074-a529-4cc8-8882-43f10ef42002\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"db6c5074-a529-4cc8-8882-43f10ef42002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MuratTest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"murat\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ersan\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"testupdate\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ignite\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Initiative with my parameterized effect policy\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"EFFECT_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Initiative effect\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"16025301204423402856\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"audit\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"15232055014610564026\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('EFFECT_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e6884163-54c6-4f5e-9570-9e4cbd95b078\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e6884163-54c6-4f5e-9570-9e4cbd95b078\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6782502132987446742\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9867\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/ps3866\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"ps3866\"\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { @@ -220,16 +220,16 @@ "Accept-Encoding" ], "x-ms-request-id": [ - "westus2:f7756972-4890-4b46-9925-2c7e0e0b9bd6" + "westus2:266b78ac-0805-48cd-be60-f260e7f3ca89" ], "x-ms-ratelimit-remaining-subscription-reads": [ - "11997" + "11998" ], "x-ms-correlation-request-id": [ - "87f9d189-901c-495b-b4c2-3217c6bc4238" + "443be659-3fd0-4bbc-a57b-224d98d05794" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213604Z:87f9d189-901c-495b-b4c2-3217c6bc4238" + "WESTUS2:20190116T193620Z:443be659-3fd0-4bbc-a57b-224d98d05794" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -238,10 +238,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:36:04 GMT" + "Wed, 16 Jan 2019 19:36:19 GMT" ], "Content-Length": [ - "91044" + "93897" ], "Content-Type": [ "application/json; charset=utf-8" @@ -253,7 +253,7 @@ "0" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteComplete\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteCompleteEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce VM Port Lockdown\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Enforces that specific port ranges have access restricted to either CorpNet or SAW (depending on source IP range chosen during assignment)\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\",\r\n \"parameterScopes\": {\r\n \"access\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"SOURCEADDRESSPREFIXES_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"5930870351761903477\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389\",\r\n \"3389-3390\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"14554220312663270802\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"5986\",\r\n \"5985\",\r\n \"5985-5986\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"9245329265770241913\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"22\",\r\n \"22-22\",\r\n \"22-23\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"17233112498738905251\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"23\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"11847028610508251009\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"1433\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5782128531867937477\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"445\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6932989581576954984\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"135\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"797444469315623872\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389\",\r\n \"3389-3390\",\r\n \"5986\",\r\n \"5985\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"22-22\",\r\n \"22-23\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6167651208609008778\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5487397055645750292\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389-3390\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5721159336579598604\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389-3390\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n },\r\n \"priority\": {\r\n \"value\": \"3997\"\r\n },\r\n \"access\": {\r\n \"value\": \"Allow\"\r\n },\r\n \"name\": {\r\n \"value\": \"PortLockdown_ControlledPorts_Restrict\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"783328307102833297\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": [\r\n \"VirtualNetwork\"\r\n ]\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389-3390\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n },\r\n \"priority\": {\r\n \"value\": \"3998\"\r\n },\r\n \"access\": {\r\n \"value\": \"Allow\"\r\n },\r\n \"name\": {\r\n \"value\": \"PortLockdown_ControlledPorts_AllowVnet\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13264874163570265928\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": [\r\n \"*\"\r\n ]\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389-3390\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n },\r\n \"priority\": {\r\n \"value\": \"3999\"\r\n },\r\n \"access\": {\r\n \"value\": \"Deny\"\r\n },\r\n \"name\": {\r\n \"value\": \"PortLockdown_ControlledPorts_Deny\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"10868451132156218171\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": [\r\n \"*\"\r\n ]\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"*\"\r\n ]\r\n },\r\n \"priority\": {\r\n \"value\": \"4000\"\r\n },\r\n \"access\": {\r\n \"value\": \"Allow\"\r\n },\r\n \"name\": {\r\n \"value\": \"PortLockdown_AllowAll\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7115\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"20c4afd0-8a77-4433-b8b0-4ad06e4c7115\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cosmosdb new aliases test\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"5701618597132748228\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"9148562625737659571\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1317257300482699336\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"636235743263978372\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6540762518326135304\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"16237668974108817340\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/37501145-d01b-4bc8-92d0-c795a19fd164\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd164\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative containing some definitions with deployIfNotExists effect\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"3301615874834833614\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8044870099827093134\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/471eddb2-9421-4b81-8a25-3a0b849544dd\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"471eddb2-9421-4b81-8a25-3a0b849544dd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative with all DeployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This initiative does the following:\\nDeploy log analytics agent for windows VMs if the VM image is in the list.\\nDeploy dependency agent for windows VMs if the VM image is in the list.\\nDeploy VM extension for Microsoft Guest configuration.\\nDeploy threat detection on SQL servers.\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"10987062065622974413\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourcegroups/robgatestworkspace/providers/microsoft.operationalinsights/workspaces/robgatestworkspace\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"10737899326468628454\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1633155469258918721\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"3301615874834833614\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/61d6052b-cfd5-4ba4-bde7-8301ffb715b2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"61d6052b-cfd5-4ba4-bde7-8301ffb715b2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6346022531429970426\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgatestinitmultiparam\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"TAGNAME_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name1\"\r\n }\r\n },\r\n \"TAGVALUE_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value1\"\r\n }\r\n },\r\n \"TAGNAME_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name2\"\r\n }\r\n },\r\n \"TAGVALUE_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"7154720483946859542\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_1')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"14987881155449304382\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_2')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/73933cd4-bc06-4e14-8166-3a7109eca21b\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"73933cd4-bc06-4e14-8166-3a7109eca21b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed set\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFALLOWEDSKUS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n },\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"8962248944013962433\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"value\": \"[parameters('LISTOFALLOWEDSKUS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/762007ec-c5ba-41ae-a52d-db0834bea096\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"762007ec-c5ba-41ae-a52d-db0834bea096\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"TestAdditionalResourceType\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4146325350290724164\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Sql/servers/firewallRules\",\r\n \"TrendMicro.DeepSecurity/listCommunicationPreference\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/80894954-5ae1-4391-975d-630e5586d07a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"80894954-5ae1-4391-975d-630e5586d07a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim rt group set\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"1\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"ALLOWEDTYPES_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": null,\r\n \"strongType\": \"resourceTypes\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.EventGrid/domains\",\r\n \"Microsoft.EventGrid/domains/topics\",\r\n \"Microsoft.EventGrid/locations\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"18341726042324576950\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Cdn/checkNameAvailability\",\r\n \"Microsoft.Cdn/checkResourceUsage\",\r\n \"Microsoft.Cdn/profiles\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1359233886895761531\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"value\": \"[parameters('ALLOWEDTYPES_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/82d42e20-f682-48dc-95b1-144f0963f0c1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"82d42e20-f682-48dc-95b1-144f0963f0c1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"tags\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9736595915162791837\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t1\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t1v\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5376449293497609056\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t2\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t2v\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/875cf75e-49c3-47f8-ab8d-89ba3d2311a0\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"875cf75e-49c3-47f8-ab8d-89ba3d2311a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ComplianceTestInitiative\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Compliance test initiative \",\r\n \"metadata\": {\r\n \"category\": \"Compliance test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4047897157028507992\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"4859121137597195236\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"centralus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8935913113203900114\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus2\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/a03db67e-a286-43c3-9098-b2da83d361ad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"a03db67e-a286-43c3-9098-b2da83d361ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Azure monitor\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"3178424317310892118\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"4272332260627975108\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/cd5cafc8-25f1-443b-a0d5-a37d8cb782cf\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"cd5cafc8-25f1-443b-a0d5-a37d8cb782cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test_sandipsh123\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/db6c5074-a529-4cc8-8882-43f10ef42002\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"db6c5074-a529-4cc8-8882-43f10ef42002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MuratTest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"murat\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ersan\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"testupdate\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ignite\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Initiative with my parameterized effect policy\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"EFFECT_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Initiative effect\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"16025301204423402856\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"audit\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"15232055014610564026\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('EFFECT_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e6884163-54c6-4f5e-9570-9e4cbd95b078\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e6884163-54c6-4f5e-9570-9e4cbd95b078\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative with parameterized deployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"parameterScopes\": {\r\n \"namePattern\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"EFFECT_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"7548235847093577126\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[parameters('EFFECT_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"94784994378515624\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign\",\r\n \"parameters\": {\r\n \"namePattern\": {\r\n \"value\": \"one\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/fbcd550f-aeec-40fc-b92f-96aece1f50cd\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"fbcd550f-aeec-40fc-b92f-96aece1f50cd\"\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in IoT Hubs\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in IoT Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in IoT Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInIoTHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Azure Monitor\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains many policies with DeployIfNotExists effect with assignPermissions set at the parameter at the individual policy definition level.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_2\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4755676876307240960\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13418251844728914181\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"12068070188350812865\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8310573323379365078\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"560174196401503668\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"7752708915834271964\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/2476fb6f-011e-4bc4-9d07-ba137949735d\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"2476fb6f-011e-4bc4-9d07-ba137949735d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : No DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains no policies with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFIMAGEIDTOINCLUDE_WINDOWS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_LINUX_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"492067171675640903\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"2492943854376579140\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/351907c4-cd47-4e63-8246-c591645a58d6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"351907c4-cd47-4e63-8246-c591645a58d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cosmosdb new aliases test\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"5701618597132748228\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"9148562625737659571\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1317257300482699336\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"636235743263978372\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6540762518326135304\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"16237668974108817340\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/37501145-d01b-4bc8-92d0-c795a19fd164\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd164\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative containing some definitions with deployIfNotExists effect\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"3301615874834833614\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8044870099827093134\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/471eddb2-9421-4b81-8a25-3a0b849544dd\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"471eddb2-9421-4b81-8a25-3a0b849544dd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6346022531429970426\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgatestinitmultiparam\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"TAGNAME_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name1\"\r\n }\r\n },\r\n \"TAGVALUE_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value1\"\r\n }\r\n },\r\n \"TAGNAME_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name2\"\r\n }\r\n },\r\n \"TAGVALUE_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"7154720483946859542\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_1')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"14987881155449304382\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_2')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/73933cd4-bc06-4e14-8166-3a7109eca21b\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"73933cd4-bc06-4e14-8166-3a7109eca21b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : One DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains one policy with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n },\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": null,\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_WINDOWS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_LINUX_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"12822089530504669560\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"492067171675640903\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"2492943854376579140\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/74016c36-0a9a-436a-8436-291d54eab1a2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"74016c36-0a9a-436a-8436-291d54eab1a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed set\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFALLOWEDSKUS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n },\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"8962248944013962433\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"value\": \"[parameters('LISTOFALLOWEDSKUS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/762007ec-c5ba-41ae-a52d-db0834bea096\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"762007ec-c5ba-41ae-a52d-db0834bea096\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"TestAdditionalResourceType\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4146325350290724164\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Sql/servers/firewallRules\",\r\n \"TrendMicro.DeepSecurity/listCommunicationPreference\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/80894954-5ae1-4391-975d-630e5586d07a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"80894954-5ae1-4391-975d-630e5586d07a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim rt group set\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"1\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"ALLOWEDTYPES_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": null,\r\n \"strongType\": \"resourceTypes\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.EventGrid/domains\",\r\n \"Microsoft.EventGrid/domains/topics\",\r\n \"Microsoft.EventGrid/locations\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"18341726042324576950\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Cdn/checkNameAvailability\",\r\n \"Microsoft.Cdn/checkResourceUsage\",\r\n \"Microsoft.Cdn/profiles\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1359233886895761531\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"value\": \"[parameters('ALLOWEDTYPES_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/82d42e20-f682-48dc-95b1-144f0963f0c1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"82d42e20-f682-48dc-95b1-144f0963f0c1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"tags\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9736595915162791837\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t1\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t1v\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5376449293497609056\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t2\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t2v\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/875cf75e-49c3-47f8-ab8d-89ba3d2311a0\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"875cf75e-49c3-47f8-ab8d-89ba3d2311a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ComplianceTestInitiative\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Compliance test initiative \",\r\n \"metadata\": {\r\n \"category\": \"Compliance test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4047897157028507992\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"4859121137597195236\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"centralus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8935913113203900114\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus2\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/a03db67e-a286-43c3-9098-b2da83d361ad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"a03db67e-a286-43c3-9098-b2da83d361ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : DINE mulitple policies with no role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"storageAccountsResourceGroup\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"661064339838764944\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"parameters\": {\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"rohitbhtest\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/b03bf722-f2a8-4a84-8af6-f43b28b5a917\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"b03bf722-f2a8-4a84-8af6-f43b28b5a917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaparamtest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/c020e9eb-47d4-434a-8627-e202808ed117\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c020e9eb-47d4-434a-8627-e202808ed117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Many DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains many policies with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": null,\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_2\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4755676876307240960\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13418251844728914181\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"12068070188350812865\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8310573323379365078\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"560174196401503668\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"7752708915834271964\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/da84593c-b133-40c2-8524-c79fd38e7450\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7450\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test_sandipsh123\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/db6c5074-a529-4cc8-8882-43f10ef42002\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"db6c5074-a529-4cc8-8882-43f10ef42002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MuratTest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"murat\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ersan\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"testupdate\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ignite\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Initiative with my parameterized effect policy\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"EFFECT_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Initiative effect\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"16025301204423402856\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"audit\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"15232055014610564026\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('EFFECT_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e6884163-54c6-4f5e-9570-9e4cbd95b078\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e6884163-54c6-4f5e-9570-9e4cbd95b078\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6782502132987446742\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9867\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/ps3866\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"ps3866\"\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { @@ -284,16 +284,16 @@ "Accept-Encoding" ], "x-ms-request-id": [ - "westus2:79376679-0f61-4589-89a9-fb2250055450" + "westus2:de948380-43e6-40d5-ae2e-55883f65830a" ], "x-ms-ratelimit-remaining-subscription-reads": [ - "11990" + "11998" ], "x-ms-correlation-request-id": [ - "599140d0-af43-4f25-af5b-6c9e30d801f3" + "146db3be-9be8-47aa-850f-f1b9cdf1927e" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213605Z:599140d0-af43-4f25-af5b-6c9e30d801f3" + "WESTUS2:20190116T193621Z:146db3be-9be8-47aa-850f-f1b9cdf1927e" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -302,10 +302,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:36:05 GMT" + "Wed, 16 Jan 2019 19:36:20 GMT" ], "Content-Length": [ - "91044" + "93897" ], "Content-Type": [ "application/json; charset=utf-8" @@ -317,7 +317,7 @@ "0" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteComplete\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteCompleteEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce VM Port Lockdown\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Enforces that specific port ranges have access restricted to either CorpNet or SAW (depending on source IP range chosen during assignment)\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\",\r\n \"parameterScopes\": {\r\n \"access\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"SOURCEADDRESSPREFIXES_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"5930870351761903477\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389\",\r\n \"3389-3390\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"14554220312663270802\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"5986\",\r\n \"5985\",\r\n \"5985-5986\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"9245329265770241913\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"22\",\r\n \"22-22\",\r\n \"22-23\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"17233112498738905251\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"23\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"11847028610508251009\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"1433\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5782128531867937477\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"445\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6932989581576954984\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"135\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"797444469315623872\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389\",\r\n \"3389-3390\",\r\n \"5986\",\r\n \"5985\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"22-22\",\r\n \"22-23\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6167651208609008778\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5487397055645750292\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389-3390\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5721159336579598604\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389-3390\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n },\r\n \"priority\": {\r\n \"value\": \"3997\"\r\n },\r\n \"access\": {\r\n \"value\": \"Allow\"\r\n },\r\n \"name\": {\r\n \"value\": \"PortLockdown_ControlledPorts_Restrict\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"783328307102833297\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": [\r\n \"VirtualNetwork\"\r\n ]\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389-3390\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n },\r\n \"priority\": {\r\n \"value\": \"3998\"\r\n },\r\n \"access\": {\r\n \"value\": \"Allow\"\r\n },\r\n \"name\": {\r\n \"value\": \"PortLockdown_ControlledPorts_AllowVnet\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13264874163570265928\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": [\r\n \"*\"\r\n ]\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389-3390\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n },\r\n \"priority\": {\r\n \"value\": \"3999\"\r\n },\r\n \"access\": {\r\n \"value\": \"Deny\"\r\n },\r\n \"name\": {\r\n \"value\": \"PortLockdown_ControlledPorts_Deny\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"10868451132156218171\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": [\r\n \"*\"\r\n ]\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"*\"\r\n ]\r\n },\r\n \"priority\": {\r\n \"value\": \"4000\"\r\n },\r\n \"access\": {\r\n \"value\": \"Allow\"\r\n },\r\n \"name\": {\r\n \"value\": \"PortLockdown_AllowAll\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7115\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"20c4afd0-8a77-4433-b8b0-4ad06e4c7115\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cosmosdb new aliases test\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"5701618597132748228\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"9148562625737659571\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1317257300482699336\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"636235743263978372\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6540762518326135304\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"16237668974108817340\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/37501145-d01b-4bc8-92d0-c795a19fd164\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd164\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative containing some definitions with deployIfNotExists effect\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"3301615874834833614\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8044870099827093134\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/471eddb2-9421-4b81-8a25-3a0b849544dd\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"471eddb2-9421-4b81-8a25-3a0b849544dd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative with all DeployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This initiative does the following:\\nDeploy log analytics agent for windows VMs if the VM image is in the list.\\nDeploy dependency agent for windows VMs if the VM image is in the list.\\nDeploy VM extension for Microsoft Guest configuration.\\nDeploy threat detection on SQL servers.\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"10987062065622974413\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourcegroups/robgatestworkspace/providers/microsoft.operationalinsights/workspaces/robgatestworkspace\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"10737899326468628454\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1633155469258918721\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"3301615874834833614\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/61d6052b-cfd5-4ba4-bde7-8301ffb715b2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"61d6052b-cfd5-4ba4-bde7-8301ffb715b2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6346022531429970426\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgatestinitmultiparam\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"TAGNAME_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name1\"\r\n }\r\n },\r\n \"TAGVALUE_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value1\"\r\n }\r\n },\r\n \"TAGNAME_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name2\"\r\n }\r\n },\r\n \"TAGVALUE_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"7154720483946859542\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_1')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"14987881155449304382\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_2')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/73933cd4-bc06-4e14-8166-3a7109eca21b\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"73933cd4-bc06-4e14-8166-3a7109eca21b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed set\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFALLOWEDSKUS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n },\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"8962248944013962433\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"value\": \"[parameters('LISTOFALLOWEDSKUS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/762007ec-c5ba-41ae-a52d-db0834bea096\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"762007ec-c5ba-41ae-a52d-db0834bea096\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"TestAdditionalResourceType\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4146325350290724164\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Sql/servers/firewallRules\",\r\n \"TrendMicro.DeepSecurity/listCommunicationPreference\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/80894954-5ae1-4391-975d-630e5586d07a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"80894954-5ae1-4391-975d-630e5586d07a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim rt group set\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"1\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"ALLOWEDTYPES_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": null,\r\n \"strongType\": \"resourceTypes\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.EventGrid/domains\",\r\n \"Microsoft.EventGrid/domains/topics\",\r\n \"Microsoft.EventGrid/locations\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"18341726042324576950\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Cdn/checkNameAvailability\",\r\n \"Microsoft.Cdn/checkResourceUsage\",\r\n \"Microsoft.Cdn/profiles\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1359233886895761531\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"value\": \"[parameters('ALLOWEDTYPES_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/82d42e20-f682-48dc-95b1-144f0963f0c1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"82d42e20-f682-48dc-95b1-144f0963f0c1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"tags\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9736595915162791837\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t1\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t1v\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5376449293497609056\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t2\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t2v\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/875cf75e-49c3-47f8-ab8d-89ba3d2311a0\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"875cf75e-49c3-47f8-ab8d-89ba3d2311a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ComplianceTestInitiative\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Compliance test initiative \",\r\n \"metadata\": {\r\n \"category\": \"Compliance test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4047897157028507992\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"4859121137597195236\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"centralus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8935913113203900114\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus2\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/a03db67e-a286-43c3-9098-b2da83d361ad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"a03db67e-a286-43c3-9098-b2da83d361ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Azure monitor\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"3178424317310892118\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"4272332260627975108\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/cd5cafc8-25f1-443b-a0d5-a37d8cb782cf\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"cd5cafc8-25f1-443b-a0d5-a37d8cb782cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test_sandipsh123\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/db6c5074-a529-4cc8-8882-43f10ef42002\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"db6c5074-a529-4cc8-8882-43f10ef42002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MuratTest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"murat\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ersan\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"testupdate\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ignite\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Initiative with my parameterized effect policy\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"EFFECT_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Initiative effect\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"16025301204423402856\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"audit\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"15232055014610564026\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('EFFECT_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e6884163-54c6-4f5e-9570-9e4cbd95b078\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e6884163-54c6-4f5e-9570-9e4cbd95b078\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative with parameterized deployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"parameterScopes\": {\r\n \"namePattern\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"EFFECT_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"7548235847093577126\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[parameters('EFFECT_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"94784994378515624\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign\",\r\n \"parameters\": {\r\n \"namePattern\": {\r\n \"value\": \"one\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/fbcd550f-aeec-40fc-b92f-96aece1f50cd\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"fbcd550f-aeec-40fc-b92f-96aece1f50cd\"\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in IoT Hubs\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in IoT Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in IoT Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInIoTHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Azure Monitor\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains many policies with DeployIfNotExists effect with assignPermissions set at the parameter at the individual policy definition level.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_2\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4755676876307240960\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13418251844728914181\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"12068070188350812865\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8310573323379365078\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"560174196401503668\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"7752708915834271964\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/2476fb6f-011e-4bc4-9d07-ba137949735d\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"2476fb6f-011e-4bc4-9d07-ba137949735d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : No DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains no policies with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFIMAGEIDTOINCLUDE_WINDOWS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_LINUX_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"492067171675640903\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"2492943854376579140\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/351907c4-cd47-4e63-8246-c591645a58d6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"351907c4-cd47-4e63-8246-c591645a58d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cosmosdb new aliases test\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"5701618597132748228\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"9148562625737659571\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1317257300482699336\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"636235743263978372\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6540762518326135304\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"16237668974108817340\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/37501145-d01b-4bc8-92d0-c795a19fd164\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd164\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative containing some definitions with deployIfNotExists effect\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"3301615874834833614\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8044870099827093134\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/471eddb2-9421-4b81-8a25-3a0b849544dd\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"471eddb2-9421-4b81-8a25-3a0b849544dd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6346022531429970426\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgatestinitmultiparam\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"TAGNAME_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name1\"\r\n }\r\n },\r\n \"TAGVALUE_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value1\"\r\n }\r\n },\r\n \"TAGNAME_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name2\"\r\n }\r\n },\r\n \"TAGVALUE_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"7154720483946859542\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_1')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"14987881155449304382\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_2')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/73933cd4-bc06-4e14-8166-3a7109eca21b\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"73933cd4-bc06-4e14-8166-3a7109eca21b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : One DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains one policy with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n },\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": null,\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_WINDOWS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_LINUX_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"12822089530504669560\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"492067171675640903\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"2492943854376579140\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/74016c36-0a9a-436a-8436-291d54eab1a2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"74016c36-0a9a-436a-8436-291d54eab1a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed set\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFALLOWEDSKUS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n },\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"8962248944013962433\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"value\": \"[parameters('LISTOFALLOWEDSKUS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/762007ec-c5ba-41ae-a52d-db0834bea096\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"762007ec-c5ba-41ae-a52d-db0834bea096\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"TestAdditionalResourceType\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4146325350290724164\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Sql/servers/firewallRules\",\r\n \"TrendMicro.DeepSecurity/listCommunicationPreference\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/80894954-5ae1-4391-975d-630e5586d07a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"80894954-5ae1-4391-975d-630e5586d07a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim rt group set\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"1\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"ALLOWEDTYPES_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": null,\r\n \"strongType\": \"resourceTypes\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.EventGrid/domains\",\r\n \"Microsoft.EventGrid/domains/topics\",\r\n \"Microsoft.EventGrid/locations\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"18341726042324576950\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Cdn/checkNameAvailability\",\r\n \"Microsoft.Cdn/checkResourceUsage\",\r\n \"Microsoft.Cdn/profiles\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1359233886895761531\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"value\": \"[parameters('ALLOWEDTYPES_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/82d42e20-f682-48dc-95b1-144f0963f0c1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"82d42e20-f682-48dc-95b1-144f0963f0c1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"tags\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9736595915162791837\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t1\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t1v\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5376449293497609056\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t2\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t2v\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/875cf75e-49c3-47f8-ab8d-89ba3d2311a0\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"875cf75e-49c3-47f8-ab8d-89ba3d2311a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ComplianceTestInitiative\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Compliance test initiative \",\r\n \"metadata\": {\r\n \"category\": \"Compliance test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4047897157028507992\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"4859121137597195236\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"centralus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8935913113203900114\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus2\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/a03db67e-a286-43c3-9098-b2da83d361ad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"a03db67e-a286-43c3-9098-b2da83d361ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : DINE mulitple policies with no role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"storageAccountsResourceGroup\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"661064339838764944\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"parameters\": {\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"rohitbhtest\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/b03bf722-f2a8-4a84-8af6-f43b28b5a917\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"b03bf722-f2a8-4a84-8af6-f43b28b5a917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaparamtest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/c020e9eb-47d4-434a-8627-e202808ed117\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c020e9eb-47d4-434a-8627-e202808ed117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Many DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains many policies with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": null,\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_2\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4755676876307240960\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13418251844728914181\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"12068070188350812865\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8310573323379365078\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"560174196401503668\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"7752708915834271964\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/da84593c-b133-40c2-8524-c79fd38e7450\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7450\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test_sandipsh123\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/db6c5074-a529-4cc8-8882-43f10ef42002\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"db6c5074-a529-4cc8-8882-43f10ef42002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MuratTest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"murat\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ersan\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"testupdate\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ignite\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Initiative with my parameterized effect policy\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"EFFECT_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Initiative effect\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"16025301204423402856\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"audit\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"15232055014610564026\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('EFFECT_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e6884163-54c6-4f5e-9570-9e4cbd95b078\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e6884163-54c6-4f5e-9570-9e4cbd95b078\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6782502132987446742\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9867\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/ps3866\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"ps3866\"\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { @@ -348,16 +348,16 @@ "Accept-Encoding" ], "x-ms-request-id": [ - "westus2:f82ba4cb-1f83-43f4-ad30-b83cfde644ae" + "westus2:ae4817c1-3607-480c-bda6-fd35169efa81" ], "x-ms-ratelimit-remaining-subscription-reads": [ - "11993" + "11999" ], "x-ms-correlation-request-id": [ - "99fcd1de-792c-47f0-8dc8-4b7e1eb3c017" + "7f97ac33-c86c-4a9e-8eac-16ffd9d69248" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213606Z:99fcd1de-792c-47f0-8dc8-4b7e1eb3c017" + "WESTUS2:20190116T193621Z:7f97ac33-c86c-4a9e-8eac-16ffd9d69248" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -366,10 +366,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:36:05 GMT" + "Wed, 16 Jan 2019 19:36:20 GMT" ], "Content-Length": [ - "91044" + "93897" ], "Content-Type": [ "application/json; charset=utf-8" @@ -381,7 +381,7 @@ "0" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteComplete\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteCompleteEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce VM Port Lockdown\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Enforces that specific port ranges have access restricted to either CorpNet or SAW (depending on source IP range chosen during assignment)\",\r\n \"metadata\": {\r\n \"category\": \"Port Lockdown\",\r\n \"parameterScopes\": {\r\n \"access\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"SOURCEADDRESSPREFIXES_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IP restriction prefixes\",\r\n \"description\": null\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"5930870351761903477\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389\",\r\n \"3389-3390\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"14554220312663270802\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"5986\",\r\n \"5985\",\r\n \"5985-5986\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"9245329265770241913\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"22\",\r\n \"22-22\",\r\n \"22-23\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"17233112498738905251\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"23\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"11847028610508251009\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"1433\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5782128531867937477\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"445\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6932989581576954984\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"135\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"797444469315623872\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086\",\r\n \"parameters\": {\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389\",\r\n \"3389-3390\",\r\n \"5986\",\r\n \"5985\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"22-22\",\r\n \"22-23\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6167651208609008778\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5487397055645750292\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389-3390\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5721159336579598604\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": \"[parameters('SOURCEADDRESSPREFIXES_1')]\"\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389-3390\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n },\r\n \"priority\": {\r\n \"value\": \"3997\"\r\n },\r\n \"access\": {\r\n \"value\": \"Allow\"\r\n },\r\n \"name\": {\r\n \"value\": \"PortLockdown_ControlledPorts_Restrict\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"783328307102833297\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": [\r\n \"VirtualNetwork\"\r\n ]\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389-3390\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n },\r\n \"priority\": {\r\n \"value\": \"3998\"\r\n },\r\n \"access\": {\r\n \"value\": \"Allow\"\r\n },\r\n \"name\": {\r\n \"value\": \"PortLockdown_ControlledPorts_AllowVnet\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13264874163570265928\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": [\r\n \"*\"\r\n ]\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"3389-3390\",\r\n \"5985-5986\",\r\n \"22\",\r\n \"23\",\r\n \"1433\",\r\n \"445\",\r\n \"135\"\r\n ]\r\n },\r\n \"priority\": {\r\n \"value\": \"3999\"\r\n },\r\n \"access\": {\r\n \"value\": \"Deny\"\r\n },\r\n \"name\": {\r\n \"value\": \"PortLockdown_ControlledPorts_Deny\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"10868451132156218171\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115\",\r\n \"parameters\": {\r\n \"nsgPrefix\": {\r\n \"value\": \"PortLockdown\"\r\n },\r\n \"sourceAddressPrefixes\": {\r\n \"value\": [\r\n \"*\"\r\n ]\r\n },\r\n \"destinationPortRanges\": {\r\n \"value\": [\r\n \"*\"\r\n ]\r\n },\r\n \"priority\": {\r\n \"value\": \"4000\"\r\n },\r\n \"access\": {\r\n \"value\": \"Allow\"\r\n },\r\n \"name\": {\r\n \"value\": \"PortLockdown_AllowAll\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7115\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"20c4afd0-8a77-4433-b8b0-4ad06e4c7115\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cosmosdb new aliases test\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"5701618597132748228\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"9148562625737659571\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1317257300482699336\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"636235743263978372\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6540762518326135304\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"16237668974108817340\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/37501145-d01b-4bc8-92d0-c795a19fd164\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd164\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative containing some definitions with deployIfNotExists effect\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"3301615874834833614\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8044870099827093134\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/471eddb2-9421-4b81-8a25-3a0b849544dd\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"471eddb2-9421-4b81-8a25-3a0b849544dd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative with all DeployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"This initiative does the following:\\nDeploy log analytics agent for windows VMs if the VM image is in the list.\\nDeploy dependency agent for windows VMs if the VM image is in the list.\\nDeploy VM extension for Microsoft Guest configuration.\\nDeploy threat detection on SQL servers.\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"10987062065622974413\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/resourcegroups/robgatestworkspace/providers/microsoft.operationalinsights/workspaces/robgatestworkspace\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"10737899326468628454\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1633155469258918721\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"3301615874834833614\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/61d6052b-cfd5-4ba4-bde7-8301ffb715b2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"61d6052b-cfd5-4ba4-bde7-8301ffb715b2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6346022531429970426\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgatestinitmultiparam\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"TAGNAME_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name1\"\r\n }\r\n },\r\n \"TAGVALUE_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value1\"\r\n }\r\n },\r\n \"TAGNAME_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name2\"\r\n }\r\n },\r\n \"TAGVALUE_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"7154720483946859542\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_1')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"14987881155449304382\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_2')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/73933cd4-bc06-4e14-8166-3a7109eca21b\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"73933cd4-bc06-4e14-8166-3a7109eca21b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed set\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFALLOWEDSKUS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n },\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"8962248944013962433\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"value\": \"[parameters('LISTOFALLOWEDSKUS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/762007ec-c5ba-41ae-a52d-db0834bea096\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"762007ec-c5ba-41ae-a52d-db0834bea096\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"TestAdditionalResourceType\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4146325350290724164\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Sql/servers/firewallRules\",\r\n \"TrendMicro.DeepSecurity/listCommunicationPreference\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/80894954-5ae1-4391-975d-630e5586d07a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"80894954-5ae1-4391-975d-630e5586d07a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim rt group set\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"1\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"ALLOWEDTYPES_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": null,\r\n \"strongType\": \"resourceTypes\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.EventGrid/domains\",\r\n \"Microsoft.EventGrid/domains/topics\",\r\n \"Microsoft.EventGrid/locations\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"18341726042324576950\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Cdn/checkNameAvailability\",\r\n \"Microsoft.Cdn/checkResourceUsage\",\r\n \"Microsoft.Cdn/profiles\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1359233886895761531\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"value\": \"[parameters('ALLOWEDTYPES_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/82d42e20-f682-48dc-95b1-144f0963f0c1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"82d42e20-f682-48dc-95b1-144f0963f0c1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"tags\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9736595915162791837\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t1\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t1v\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5376449293497609056\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t2\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t2v\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/875cf75e-49c3-47f8-ab8d-89ba3d2311a0\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"875cf75e-49c3-47f8-ab8d-89ba3d2311a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ComplianceTestInitiative\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Compliance test initiative \",\r\n \"metadata\": {\r\n \"category\": \"Compliance test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4047897157028507992\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"4859121137597195236\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"centralus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8935913113203900114\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus2\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/a03db67e-a286-43c3-9098-b2da83d361ad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"a03db67e-a286-43c3-9098-b2da83d361ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Azure monitor\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"rohitbh\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"3178424317310892118\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"4272332260627975108\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/cd5cafc8-25f1-443b-a0d5-a37d8cb782cf\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"cd5cafc8-25f1-443b-a0d5-a37d8cb782cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test_sandipsh123\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/db6c5074-a529-4cc8-8882-43f10ef42002\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"db6c5074-a529-4cc8-8882-43f10ef42002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MuratTest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"murat\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ersan\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"testupdate\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ignite\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Initiative with my parameterized effect policy\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"EFFECT_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Initiative effect\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"16025301204423402856\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"audit\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"15232055014610564026\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('EFFECT_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e6884163-54c6-4f5e-9570-9e4cbd95b078\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e6884163-54c6-4f5e-9570-9e4cbd95b078\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative with parameterized deployIfNotExists\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"parameterScopes\": {\r\n \"namePattern\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"EFFECT_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"7548235847093577126\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[parameters('EFFECT_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"94784994378515624\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign\",\r\n \"parameters\": {\r\n \"namePattern\": {\r\n \"value\": \"one\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/fbcd550f-aeec-40fc-b92f-96aece1f50cd\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"fbcd550f-aeec-40fc-b92f-96aece1f50cd\"\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in IoT Hubs\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in IoT Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in IoT Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInIoTHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Azure Monitor\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains many policies with DeployIfNotExists effect with assignPermissions set at the parameter at the individual policy definition level.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_2\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4755676876307240960\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13418251844728914181\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"12068070188350812865\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8310573323379365078\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"560174196401503668\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"7752708915834271964\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/2476fb6f-011e-4bc4-9d07-ba137949735d\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"2476fb6f-011e-4bc4-9d07-ba137949735d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : No DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains no policies with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFIMAGEIDTOINCLUDE_WINDOWS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_LINUX_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"492067171675640903\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"2492943854376579140\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/351907c4-cd47-4e63-8246-c591645a58d6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"351907c4-cd47-4e63-8246-c591645a58d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"cosmosdb new aliases test\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"5701618597132748228\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"9148562625737659571\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1317257300482699336\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"636235743263978372\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6540762518326135304\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"16237668974108817340\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/37501145-d01b-4bc8-92d0-c795a19fd164\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"37501145-d01b-4bc8-92d0-c795a19fd164\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Initiative containing some definitions with deployIfNotExists effect\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"3301615874834833614\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8044870099827093134\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/471eddb2-9421-4b81-8a25-3a0b849544dd\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"471eddb2-9421-4b81-8a25-3a0b849544dd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Policy tracked resources SDK tests\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6346022531429970426\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"71289c53-22e7-4f31-a6dd-780b532380c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgatestinitmultiparam\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"TAGNAME_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name1\"\r\n }\r\n },\r\n \"TAGVALUE_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value1\"\r\n }\r\n },\r\n \"TAGNAME_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name2\"\r\n }\r\n },\r\n \"TAGVALUE_2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"7154720483946859542\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_1')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"14987881155449304382\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"[parameters('TAGNAME_2')]\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"[parameters('TAGVALUE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/73933cd4-bc06-4e14-8166-3a7109eca21b\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"73933cd4-bc06-4e14-8166-3a7109eca21b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : One DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains one policy with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n },\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": null,\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_WINDOWS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_LINUX_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"12822089530504669560\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"492067171675640903\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"2492943854376579140\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_WINDOWS_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_LINUX_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/74016c36-0a9a-436a-8436-291d54eab1a2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"74016c36-0a9a-436a-8436-291d54eab1a2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim allowed set\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Test\"\r\n },\r\n \"parameters\": {\r\n \"LISTOFALLOWEDSKUS_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n },\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"8962248944013962433\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"value\": \"[parameters('LISTOFALLOWEDSKUS_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/762007ec-c5ba-41ae-a52d-db0834bea096\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"762007ec-c5ba-41ae-a52d-db0834bea096\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"TestAdditionalResourceType\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4146325350290724164\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Sql/servers/firewallRules\",\r\n \"TrendMicro.DeepSecurity/listCommunicationPreference\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/80894954-5ae1-4391-975d-630e5586d07a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"80894954-5ae1-4391-975d-630e5586d07a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim rt group set\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"1\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"parameterScopes\": {\r\n \"listOfResourceTypesAllowed\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"ALLOWEDTYPES_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"description\": null,\r\n \"strongType\": \"resourceTypes\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.EventGrid/domains\",\r\n \"Microsoft.EventGrid/domains/topics\",\r\n \"Microsoft.EventGrid/locations\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"18341726042324576950\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"value\": [\r\n \"Microsoft.Cdn/checkNameAvailability\",\r\n \"Microsoft.Cdn/checkResourceUsage\",\r\n \"Microsoft.Cdn/profiles\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"1359233886895761531\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba\",\r\n \"parameters\": {\r\n \"allowedTypes\": {\r\n \"value\": \"[parameters('ALLOWEDTYPES_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/82d42e20-f682-48dc-95b1-144f0963f0c1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"82d42e20-f682-48dc-95b1-144f0963f0c1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"tags\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9736595915162791837\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t1\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t1v\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"5376449293497609056\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"t2\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"t2v\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/875cf75e-49c3-47f8-ab8d-89ba3d2311a0\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"875cf75e-49c3-47f8-ab8d-89ba3d2311a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ComplianceTestInitiative\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Compliance test initiative \",\r\n \"metadata\": {\r\n \"category\": \"Compliance test\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4047897157028507992\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"4859121137597195236\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"centralus\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8935913113203900114\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"eastus2\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/a03db67e-a286-43c3-9098-b2da83d361ad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"a03db67e-a286-43c3-9098-b2da83d361ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : DINE mulitple policies with no role definitions\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"storageAccountsResourceGroup\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9705281775767545600\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"661064339838764944\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195\",\r\n \"parameters\": {\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"rohitbhtest\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/b03bf722-f2a8-4a84-8af6-f43b28b5a917\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"b03bf722-f2a8-4a84-8af6-f43b28b5a917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robgaparamtest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"LISTOFRESOURCETYPESNOTALLOWED_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"13081098409154781365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"value\": \"[parameters('LISTOFRESOURCETYPESNOTALLOWED_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/c020e9eb-47d4-434a-8627-e202808ed117\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c020e9eb-47d4-434a-8627-e202808ed117\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh : Many DINE\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Contains many policies with DeployIfNotExists effect\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"LOGANALYTICS_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": null,\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_1\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"LISTOFIMAGEIDTOINCLUDE_2\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4755676876307240960\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7121\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"13418251844728914181\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7126\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('LOGANALYTICS_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"12068070188350812865\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e712b\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"8310573323379365078\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7130\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"560174196401503668\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e7135\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"7752708915834271964\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/da84593c-b133-40c2-8524-c79fd38e713a\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_1')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('LISTOFIMAGEIDTOINCLUDE_2')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/da84593c-b133-40c2-8524-c79fd38e7450\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"da84593c-b133-40c2-8524-c79fd38e7450\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test_sandipsh123\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/db6c5074-a529-4cc8-8882-43f10ef42002\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"db6c5074-a529-4cc8-8882-43f10ef42002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MuratTest\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and it's value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"murat\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ersan\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/Audit a tag and its value\",\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"testupdate\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"ignite\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Initiative with my parameterized effect policy\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"category\": \"camarvin\",\r\n \"parameterScopes\": {\r\n \"logAnalytics\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5\"\r\n }\r\n },\r\n \"parameters\": {\r\n \"EFFECT_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Initiative effect\",\r\n \"description\": null\r\n },\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"16025301204423402856\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"audit\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"15232055014610564026\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('EFFECT_1')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/e6884163-54c6-4f5e-9570-9e4cbd95b078\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e6884163-54c6-4f5e-9570-9e4cbd95b078\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"6782502132987446742\",\r\n \"policyDefinitionId\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policyDefinitions/ps9867\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policySetDefinitions/ps3866\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"ps3866\"\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { @@ -409,16 +409,16 @@ "no-cache" ], "x-ms-request-id": [ - "westus2:99a20a73-5c05-4650-9f0a-1cdcb4f966ad" + "westus2:ef74735c-e53c-4cb3-bb96-62f82d6eade0" ], "x-ms-ratelimit-remaining-subscription-reads": [ - "11995" + "11997" ], "x-ms-correlation-request-id": [ - "59a6f8d9-5480-4aee-9e84-8cc12a6df9f3" + "ebeae3fd-0021-496c-a1c8-e80b877f4b05" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213601Z:59a6f8d9-5480-4aee-9e84-8cc12a6df9f3" + "WESTUS2:20190116T193615Z:ebeae3fd-0021-496c-a1c8-e80b877f4b05" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -427,7 +427,7 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:36:00 GMT" + "Wed, 16 Jan 2019 19:36:15 GMT" ], "Content-Length": [ "117" @@ -470,16 +470,199 @@ "no-cache" ], "x-ms-request-id": [ - "westus2:8f2ee7df-2697-4bf6-b5f8-eb075691b249" + "westus2:0ba34e28-1b0c-4577-9417-3e89bbeb5966" ], "x-ms-ratelimit-remaining-subscription-reads": [ - "11993" + "11996" + ], + "x-ms-correlation-request-id": [ + "4fb153ef-2406-45eb-8b49-c8c47aaead77" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T193616Z:4fb153ef-2406-45eb-8b49-c8c47aaead77" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 19:36:16 GMT" + ], + "Content-Length": [ + "117" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicySetDefinitionNotFound\",\r\n \"message\": \"The policy set definition 'someName' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policysetdefinitions/someName?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:13715733-3faf-498c-8852-09f1d0b72331" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "a4af2d1a-a122-492c-a50c-9f5604c9c485" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T193616Z:a4af2d1a-a122-492c-a50c-9f5604c9c485" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 19:36:16 GMT" + ], + "Content-Length": [ + "117" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicySetDefinitionNotFound\",\r\n \"message\": \"The policy set definition 'someName' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policysetdefinitions/someName?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "ManagementGroupNameParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:c16e9a9a-1c7c-4a0d-8cb0-8c7e0f740b1a" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "bc31cc9c-1a2a-402d-814a-89cf778269ed" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T193616Z:bc31cc9c-1a2a-402d-814a-89cf778269ed" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 19:36:15 GMT" + ], + "Content-Length": [ + "117" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicySetDefinitionNotFound\",\r\n \"message\": \"The policy set definition 'someName' could not be found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policysetdefinitions/someName?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "SubscriptionIdParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus2:29b76b42-30f3-4804-b946-4affe4817be2" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11999" ], "x-ms-correlation-request-id": [ - "7d2c585c-9692-408b-a7db-37df3f97f4d8" + "2db28ff8-5fdc-4336-b0d9-36af5ba8b7d9" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213601Z:7d2c585c-9692-408b-a7db-37df3f97f4d8" + "WESTUS2:20190116T193616Z:2db28ff8-5fdc-4336-b0d9-36af5ba8b7d9" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -488,7 +671,7 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:36:01 GMT" + "Wed, 16 Jan 2019 19:36:16 GMT" ], "Content-Length": [ "117" @@ -531,16 +714,16 @@ "no-cache" ], "x-ms-request-id": [ - "westus2:9918486b-5031-41e8-a191-8d6e6c513976" + "westus2:66c94ae9-d6d5-4677-8d77-bc144d84c8f4" ], "x-ms-ratelimit-remaining-tenant-reads": [ - "11989" + "11998" ], "x-ms-correlation-request-id": [ - "c27eb426-e24c-4781-8b48-e8b3ee7a3b4d" + "bb054e70-f0ba-4e21-b43d-02ccd74e8d7c" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213601Z:c27eb426-e24c-4781-8b48-e8b3ee7a3b4d" + "WESTUS2:20190116T193616Z:bb054e70-f0ba-4e21-b43d-02ccd74e8d7c" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -549,7 +732,7 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:36:01 GMT" + "Wed, 16 Jan 2019 19:36:16 GMT" ], "Content-Length": [ "117" @@ -592,16 +775,16 @@ "no-cache" ], "x-ms-request-id": [ - "westus2:e06b412d-151b-4b47-8dc2-70153cd4e274" + "westus2:82352a8f-65e1-4ab0-b603-caf5c84eaf94" ], "x-ms-ratelimit-remaining-subscription-reads": [ - "11991" + "11999" ], "x-ms-correlation-request-id": [ - "dd28d4af-161d-4e7c-a20c-11f561df8d17" + "4f2b97cc-d054-44ef-a406-387e989180ea" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213601Z:dd28d4af-161d-4e7c-a20c-11f561df8d17" + "WESTUS2:20190116T193616Z:4f2b97cc-d054-44ef-a406-387e989180ea" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -610,7 +793,7 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:36:01 GMT" + "Wed, 16 Jan 2019 19:36:15 GMT" ], "Content-Length": [ "117" @@ -628,6 +811,70 @@ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicySetDefinitionNotFound\",\r\n \"message\": \"The policy set definition 'someName' could not be found.\"\r\n }\r\n}", "StatusCode": 404 }, + { + "RequestUri": "/Providers/Microsoft.Authorization/policysetdefinitions?api-version=2018-05-01", + "EncodedRequestUri": "L1Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucz9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "IdParameterSet" + ], + "CommandName": [ + "Get-AzPolicySetDefinition" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Vary": [ + "Accept-Encoding" + ], + "x-ms-ratelimit-remaining-tenant-reads": [ + "11998" + ], + "x-ms-request-id": [ + "westus2:b6315f88-53c4-4253-a7ed-82e93615ba30" + ], + "x-ms-correlation-request-id": [ + "ced88d09-d5b3-4874-b68e-59896b4b78ae" + ], + "x-ms-routing-request-id": [ + "WESTUS2:20190116T193616Z:ced88d09-d5b3-4874-b68e-59896b4b78ae" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 16 Jan 2019 19:36:16 GMT" + ], + "Content-Length": [ + "68218" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in IoT Hubs\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in IoT Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in IoT Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInIoTHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n }\r\n ]\r\n}", + "StatusCode": 200 + }, { "RequestUri": "/providers/Microsoft.Management/managementgroups/someManagementGroup/providers/Microsoft.Authorization/policysetdefinitions?api-version=2018-05-01", "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL3NvbWVNYW5hZ2VtZW50R3JvdXAvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeXNldGRlZmluaXRpb25zP2FwaS12ZXJzaW9uPTIwMTgtMDUtMDE=", @@ -656,16 +903,16 @@ "Accept-Encoding" ], "x-ms-ratelimit-remaining-tenant-reads": [ - "11990" + "11999" ], "x-ms-request-id": [ - "westus2:9954df4e-c41e-45eb-aa5b-847f7d1e077f" + "westus2:70f5b127-f30e-4f37-bc80-0f1cb9645e69" ], "x-ms-correlation-request-id": [ - "0c379b9e-75eb-4c6a-87f5-35c054f7526f" + "c4aa8abf-0434-495a-b8d4-96ffb2dbe494" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213601Z:0c379b9e-75eb-4c6a-87f5-35c054f7526f" + "WESTUS2:20190116T193617Z:c4aa8abf-0434-495a-b8d4-96ffb2dbe494" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -674,10 +921,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:36:01 GMT" + "Wed, 16 Jan 2019 19:36:17 GMT" ], "Content-Length": [ - "67671" + "68218" ], "Content-Type": [ "application/json; charset=utf-8" @@ -689,7 +936,7 @@ "0" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteComplete\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteCompleteEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in IoT Hubs\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in IoT Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in IoT Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInIoTHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { @@ -720,16 +967,16 @@ "Accept-Encoding" ], "x-ms-ratelimit-remaining-tenant-reads": [ - "11987" + "11996" ], "x-ms-request-id": [ - "westus2:b878b5f8-1c3d-463f-a999-48a17f45e0a7" + "westus2:8d2ffebe-8911-4e8a-9bf4-0834fc5c7901" ], "x-ms-correlation-request-id": [ - "2639202d-902c-4832-9558-2e362386390b" + "4e6564a8-79be-4b9f-a0d0-5486c80996ac" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213602Z:2639202d-902c-4832-9558-2e362386390b" + "WESTUS2:20190116T193617Z:4e6564a8-79be-4b9f-a0d0-5486c80996ac" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -738,10 +985,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:36:01 GMT" + "Wed, 16 Jan 2019 19:36:17 GMT" ], "Content-Length": [ - "67671" + "68218" ], "Content-Type": [ "application/json; charset=utf-8" @@ -753,7 +1000,7 @@ "0" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteComplete\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteCompleteEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in IoT Hubs\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in IoT Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in IoT Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInIoTHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { @@ -784,16 +1031,16 @@ "Accept-Encoding" ], "x-ms-ratelimit-remaining-tenant-reads": [ - "11992" + "11997" ], "x-ms-request-id": [ - "westus2:5c4c55a4-12bc-40e0-a114-41ab8a251f69" + "westus2:0fc20c79-2a1e-4364-a525-80e2d04661af" ], "x-ms-correlation-request-id": [ - "b80b8b99-8e7d-4740-a3e6-ab36e0da86c4" + "7c6e9a46-aaf6-486b-8b09-4e9aaf98ebfe" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213602Z:b80b8b99-8e7d-4740-a3e6-ab36e0da86c4" + "WESTUS2:20190116T193618Z:7c6e9a46-aaf6-486b-8b09-4e9aaf98ebfe" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -802,10 +1049,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:36:01 GMT" + "Wed, 16 Jan 2019 19:36:18 GMT" ], "Content-Length": [ - "67671" + "68218" ], "Content-Type": [ "application/json; charset=utf-8" @@ -817,7 +1064,7 @@ "0" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteComplete\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteCompleteEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in IoT Hubs\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in IoT Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in IoT Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInIoTHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n }\r\n ]\r\n}", "StatusCode": 200 } ], diff --git a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestPolicyDefinitionCRUDAtManagementGroup.json b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestPolicyDefinitionCRUDAtManagementGroup.json index dae1dc63817c..391f3e7b74e7 100644 --- a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestPolicyDefinitionCRUDAtManagementGroup.json +++ b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestPolicyDefinitionCRUDAtManagementGroup.json @@ -1,10 +1,10 @@ { "Entries": [ { - "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policydefinitions/ps4810?api-version=2018-05-01", - "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeWRlZmluaXRpb25zL3BzNDgxMD9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", + "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policydefinitions/ps2821?api-version=2018-05-01", + "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeWRlZmluaXRpb25zL3BzMjgyMT9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", "RequestMethod": "PUT", - "RequestBody": "{\r\n \"name\": \"ps4810\",\r\n \"properties\": {\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n },\r\n \"mode\": \"Indexed\"\r\n }\r\n}", + "RequestBody": "{\r\n \"name\": \"ps2821\",\r\n \"properties\": {\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n },\r\n \"mode\": \"Indexed\"\r\n }\r\n}", "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", @@ -31,16 +31,16 @@ "no-cache" ], "x-ms-request-id": [ - "westus2:d61f693d-a8c6-47f1-9ff5-18bc45fef8b7" + "westus2:9e0837bd-58cc-4479-9cba-2cf1e0e74aa8" ], "x-ms-ratelimit-remaining-tenant-writes": [ - "1198" + "1199" ], "x-ms-correlation-request-id": [ - "43887ec5-8fde-4ede-87c0-2ef697f2a0d1" + "b3940013-9256-4319-9d95-d57ebef758e2" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213614Z:43887ec5-8fde-4ede-87c0-2ef697f2a0d1" + "WESTUS2:20190116T193624Z:b3940013-9256-4319-9d95-d57ebef758e2" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -49,7 +49,7 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:36:13 GMT" + "Wed, 16 Jan 2019 19:36:23 GMT" ], "Content-Length": [ "450" @@ -64,14 +64,14 @@ "0" ] }, - "ResponseBody": "{\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps4810\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps4810\"\r\n}", + "ResponseBody": "{\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps2821\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps2821\"\r\n}", "StatusCode": 201 }, { - "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policydefinitions/ps4810?api-version=2018-05-01", - "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeWRlZmluaXRpb25zL3BzNDgxMD9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", + "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policydefinitions/ps2821?api-version=2018-05-01", + "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeWRlZmluaXRpb25zL3BzMjgyMT9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", "RequestMethod": "PUT", - "RequestBody": "{\r\n \"name\": \"ps4810\",\r\n \"properties\": {\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"displayName\": \"testDisplay\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n },\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"mode\": \"Indexed\"\r\n }\r\n}", + "RequestBody": "{\r\n \"name\": \"ps2821\",\r\n \"properties\": {\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"displayName\": \"testDisplay\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n },\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"mode\": \"Indexed\"\r\n }\r\n}", "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", @@ -98,16 +98,16 @@ "no-cache" ], "x-ms-request-id": [ - "westus2:80dd7276-dd59-4cd0-8e80-5cef8d577276" + "westus2:ac49fd75-052f-49b2-9167-e8fbdceea61f" ], "x-ms-ratelimit-remaining-tenant-writes": [ "1199" ], "x-ms-correlation-request-id": [ - "03f1e188-22e7-4b37-9990-36b8440accd5" + "582a1261-c924-4ff8-9acf-207ce9cefc03" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213614Z:03f1e188-22e7-4b37-9990-36b8440accd5" + "WESTUS2:20190116T193624Z:582a1261-c924-4ff8-9acf-207ce9cefc03" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -116,7 +116,7 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:36:14 GMT" + "Wed, 16 Jan 2019 19:36:23 GMT" ], "Content-Length": [ "522" @@ -131,12 +131,12 @@ "0" ] }, - "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps4810\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps4810\"\r\n}", + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps2821\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps2821\"\r\n}", "StatusCode": 201 }, { - "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policydefinitions/ps4810?api-version=2018-05-01", - "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeWRlZmluaXRpb25zL3BzNDgxMD9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", + "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policydefinitions/ps2821?api-version=2018-05-01", + "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeWRlZmluaXRpb25zL3BzMjgyMT9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", "RequestMethod": "GET", "RequestBody": "", "RequestHeaders": { @@ -162,16 +162,16 @@ "Accept-Encoding" ], "x-ms-ratelimit-remaining-tenant-reads": [ - "11986" + "11999" ], "x-ms-request-id": [ - "westus2:30ab0087-d2ab-41e0-a8c7-c679955a7c0a" + "westus2:0ad6d4bd-a61a-419d-8a2e-eb9e2927a245" ], "x-ms-correlation-request-id": [ - "c038ac22-6b83-4430-86f7-172aead5c95b" + "2577f088-107e-4f7a-a814-db8b932fd340" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213614Z:c038ac22-6b83-4430-86f7-172aead5c95b" + "WESTUS2:20190116T193624Z:2577f088-107e-4f7a-a814-db8b932fd340" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -180,7 +180,7 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:36:14 GMT" + "Wed, 16 Jan 2019 19:36:23 GMT" ], "Content-Length": [ "450" @@ -195,12 +195,12 @@ "0" ] }, - "ResponseBody": "{\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps4810\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps4810\"\r\n}", + "ResponseBody": "{\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps2821\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps2821\"\r\n}", "StatusCode": 200 }, { - "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policydefinitions/ps4810?api-version=2018-05-01", - "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeWRlZmluaXRpb25zL3BzNDgxMD9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", + "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policydefinitions/ps2821?api-version=2018-05-01", + "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeWRlZmluaXRpb25zL3BzMjgyMT9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", "RequestMethod": "GET", "RequestBody": "", "RequestHeaders": { @@ -226,16 +226,16 @@ "Accept-Encoding" ], "x-ms-ratelimit-remaining-tenant-reads": [ - "11989" + "11997" ], "x-ms-request-id": [ - "westus2:3815de72-b8b3-4549-8672-8e5a30ad0164" + "westus2:5137ae01-f56d-49e7-aa88-bb750cfcc565" ], "x-ms-correlation-request-id": [ - "c6487ee8-18aa-4461-a3d4-c40740034552" + "976a6569-b750-40cc-8468-4c007ed2f42d" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213614Z:c6487ee8-18aa-4461-a3d4-c40740034552" + "WESTUS2:20190116T193624Z:976a6569-b750-40cc-8468-4c007ed2f42d" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -244,7 +244,7 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:36:14 GMT" + "Wed, 16 Jan 2019 19:36:24 GMT" ], "Content-Length": [ "450" @@ -259,12 +259,12 @@ "0" ] }, - "ResponseBody": "{\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps4810\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps4810\"\r\n}", + "ResponseBody": "{\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps2821\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps2821\"\r\n}", "StatusCode": 200 }, { - "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policydefinitions/ps4810?api-version=2018-05-01", - "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeWRlZmluaXRpb25zL3BzNDgxMD9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", + "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policydefinitions/ps2821?api-version=2018-05-01", + "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeWRlZmluaXRpb25zL3BzMjgyMT9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", "RequestMethod": "GET", "RequestBody": "", "RequestHeaders": { @@ -290,16 +290,16 @@ "Accept-Encoding" ], "x-ms-ratelimit-remaining-tenant-reads": [ - "11990" + "11999" ], "x-ms-request-id": [ - "westus2:955dbba1-febb-46a1-aa77-dd679a2d0eb4" + "westus2:011eb0bb-3907-4b4e-8e84-1c24c79e15e4" ], "x-ms-correlation-request-id": [ - "60a8b6d1-3dc7-4428-93a0-aafe9203bd62" + "59d808c2-1e01-4c37-909d-3f328454b775" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213614Z:60a8b6d1-3dc7-4428-93a0-aafe9203bd62" + "WESTUS2:20190116T193624Z:59d808c2-1e01-4c37-909d-3f328454b775" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -308,7 +308,7 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:36:14 GMT" + "Wed, 16 Jan 2019 19:36:24 GMT" ], "Content-Length": [ "522" @@ -323,70 +323,9 @@ "0" ] }, - "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps4810\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps4810\"\r\n}", + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps2821\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps2821\"\r\n}", "StatusCode": 200 }, - { - "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policydefinitions/ps4810?api-version=2018-05-01", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucy9wczQ4MTA/YXBpLXZlcnNpb249MjAxOC0wNS0wMQ==", - "RequestMethod": "GET", - "RequestBody": "", - "RequestHeaders": { - "User-Agent": [ - "AzurePowershell/v1.0.0", - "PSVersion/v6.1.0" - ], - "ParameterSetName": [ - "NameParameterSet" - ], - "CommandName": [ - "Get-AzPolicyDefinition" - ] - }, - "ResponseHeaders": { - "Cache-Control": [ - "no-cache" - ], - "Pragma": [ - "no-cache" - ], - "x-ms-request-id": [ - "westus2:6c449d4d-b22d-49d1-9e62-91cd6a37c540" - ], - "x-ms-ratelimit-remaining-subscription-reads": [ - "11994" - ], - "x-ms-correlation-request-id": [ - "1440fdbb-7938-47a2-b681-36e5e170453b" - ], - "x-ms-routing-request-id": [ - "WESTUS2:20181220T213614Z:1440fdbb-7938-47a2-b681-36e5e170453b" - ], - "Strict-Transport-Security": [ - "max-age=31536000; includeSubDomains" - ], - "X-Content-Type-Options": [ - "nosniff" - ], - "Date": [ - "Thu, 20 Dec 2018 21:36:14 GMT" - ], - "Content-Length": [ - "108" - ], - "Content-Type": [ - "application/json; charset=utf-8" - ], - "Expires": [ - "-1" - ], - "Retry-After": [ - "0" - ] - }, - "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyDefinitionNotFound\",\r\n \"message\": \"The policy definition 'ps4810' could not be found.\"\r\n }\r\n}", - "StatusCode": 404 - }, { "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policydefinitions/test2?api-version=2018-05-01", "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeWRlZmluaXRpb25zL3Rlc3QyP2FwaS12ZXJzaW9uPTIwMTgtMDUtMDE=", @@ -418,16 +357,16 @@ "no-cache" ], "x-ms-request-id": [ - "westus2:9f06311f-a51a-49b4-8ab2-7942b23d28cd" + "westus2:f0993b2b-2f96-4af0-9bb0-4dda100b812a" ], "x-ms-ratelimit-remaining-tenant-writes": [ - "1198" + "1199" ], "x-ms-correlation-request-id": [ - "caa2c875-bdfd-4c3a-a314-a2a55de09b6b" + "4df744ca-e3a2-4c23-b65f-a5609035d365" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213614Z:caa2c875-bdfd-4c3a-a314-a2a55de09b6b" + "WESTUS2:20190116T193624Z:4df744ca-e3a2-4c23-b65f-a5609035d365" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -436,7 +375,7 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:36:14 GMT" + "Wed, 16 Jan 2019 19:36:24 GMT" ], "Content-Length": [ "394" @@ -482,16 +421,16 @@ "Accept-Encoding" ], "x-ms-ratelimit-remaining-tenant-reads": [ - "11993" + "11998" ], "x-ms-request-id": [ - "westus2:f4650617-2086-4cc2-92fc-1270cdac44e8" + "westus2:bca26bb9-88b7-42ad-9c6e-68ea5704a2ca" ], "x-ms-correlation-request-id": [ - "2f389793-d770-459a-bf3d-fd0790484014" + "d2044799-4976-4022-b92a-071ffa49da8a" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213615Z:2f389793-d770-459a-bf3d-fd0790484014" + "WESTUS2:20190116T193625Z:d2044799-4976-4022-b92a-071ffa49da8a" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -500,10 +439,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:36:14 GMT" + "Wed, 16 Jan 2019 19:36:24 GMT" ], "Content-Length": [ - "274804" + "278177" ], "Content-Type": [ "application/json; charset=utf-8" @@ -515,12 +454,12 @@ "0" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"equals\": \"Monitored\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim mg no sub\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/51c286c0-25b6-4a16-b53b-208fd346d285\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"51c286c0-25b6-4a16-b53b-208fd346d285\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Noop\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Do nothing\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/c13d200b-0dd7-4542-873b-fd7af3989207\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c13d200b-0dd7-4542-873b-fd7af3989207\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"sdfsfsdfsdfsdf\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/e1d7de9f-42f0-4af1-9ee0-0187bfce093e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1d7de9f-42f0-4af1-9ee0-0187bfce093e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps4810\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps4810\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps8673\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps8673\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"blah\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/test2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"test2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure KeyVault Allowed Locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Azure KeyVault Allowed Locations\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovTest5/providers/Microsoft.Authorization/policyDefinitions/e1d7de9f-42f0-4af1-9ee0-0187bfce08d5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1d7de9f-42f0-4af1-9ee0-0187bfce08d5\"\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Data Lake Store\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit minimum number of owners for subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted VM Disks in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the required content to audit that an application is installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"WhitelistedApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[Parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit transparent data encryption status\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicCompute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit provisioning of an Azure Active Directory administrator for SQL server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected web application in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Web applications without a Web Application Firewall protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\",\r\n \"Microsoft.Web/hostingEnvironments\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of only secure connections to your Redis Cache\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit configuration of metric alert rules on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuraion when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Applies a required tag and its default value if it is not specified by the user. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Logic Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM maximum password age 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enablement of encryption of Automation account variables\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit use of classic storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager v2 for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.classicStorage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in IoT Hubs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Internet of Things\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Devices/IotHubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit secure transfer to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce automatic OS upgrade with app health checks on VMSS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces usage of automatic OS upgrade with application health checks through health probes, which enables safer rollout by evaluating application health after each OS upgrade batch.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"equals\": \"True\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id\",\r\n \"exists\": \"False\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible app Whitelisting in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Applies a required tag and its default value to resource groups if it is not specified by the user.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit maximum number of owners for a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healty\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CORS resource access restrictions for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Cross origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RestrictCORSAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM minimum password age 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the period of time (in days) that a password must be used before the user can change it.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM passwords must be at least 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the least number of characters that a password for a user account may contain.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with write permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with read permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit the setting of ClusterProtectionLevel property to EncryptAndSign in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits storage accounts without blob encryption. It only applies to Microsoft.Storage resource types, not other storage providers. Possible network Just In Time access will be monitored by Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor VM Vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy will audit that the specified application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing system updates in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Linux virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"not_installed_application_linux\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', parameters('ApplicationName'), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Windows VM should not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unprotected network endpoints in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network endpoints without a Next Generation Firewall's protection will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.ClassicCompute/domainNames\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Service Bus namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit SQL server level Auditing settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audits the existence of SQL Auditing at the server level\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit standard tier of DDoS protection is enabled for a virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unencrypted SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL servers or databases will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWacher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with owner permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.environment\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor unaudited SQL database in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers and databases which doesn't have SQL auditing turned on will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\",\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor possible network Just In Time (JIT) access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM /etc/passwd file permissions are set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit authorization rules on Event Hub namespaces\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"AuditSecureProtocol\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs for Search service\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of Azure Active Directory for client authentication in Service Fabric\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Linux VM accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting verifies there are no accounts without passwords.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit HTTPS only access for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnforceHttps\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Data Lake Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Apply Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"This resource group must already exist\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM should not allow previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Key Vault\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor OS vulnerabilities in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.OperationalInsights/workspaces\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit remote debugging state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableRemoteDebugging\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit deprecated accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM allowing remote connections from accounts with no passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration and Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts with empty passwords is disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extension for Microsoft Guest Configuration, the VM extension for Microsoft Azure Managed Service Identity, and the content required to audit that an application is not installed inside Windows virtual machines. This policy should only be used along with its corresponding audit policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SQL2017-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Enterprise\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"NotInstalledApplication\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[Parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-06-30-preview\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit existence of authorization rules on Event Hub entities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VM enforces password complexity requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit external accounts with owner permissions on a subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Service Bus\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit enabling of diagnostic logs in Azure Stream Analytics\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of logs and retain them up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits that the specified application is installed inside Linux virtual machines. This policy should only be used along with its corresponding deploy policy in an initiative/policy set. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"14.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"16.04.#-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"16.04-LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"match\": \"18.04-LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"SLES\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"12-SP3\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7-RAW\",\r\n \"7.4\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"9\",\r\n \"8\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"CentOS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"7.5\",\r\n \"7.4\",\r\n \"7.3\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Monitor SQL vulnerability assessment results in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim mg no sub\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/51c286c0-25b6-4a16-b53b-208fd346d285\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"51c286c0-25b6-4a16-b53b-208fd346d285\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[cstack] Noop\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Do nothing\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"yabba\",\r\n \"dabba\",\r\n \"doo\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/c13d200b-0dd7-4542-873b-fd7af3989207\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c13d200b-0dd7-4542-873b-fd7af3989207\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"sdfsfsdfsdfsdf\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {},\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/e1d7de9f-42f0-4af1-9ee0-0187bfce093e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1d7de9f-42f0-4af1-9ee0-0187bfce093e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps2821\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps2821\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps8673\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps8673\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"blah\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/test2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"test2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure KeyVault Allowed Locations\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Azure KeyVault Allowed Locations\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovTest5/providers/Microsoft.Authorization/policyDefinitions/e1d7de9f-42f0-4af1-9ee0-0187bfce08d5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1d7de9f-42f0-4af1-9ee0-0187bfce08d5\"\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { - "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policydefinitions/ps4810?api-version=2018-05-01", - "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeWRlZmluaXRpb25zL3BzNDgxMD9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", + "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policydefinitions/ps2821?api-version=2018-05-01", + "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeWRlZmluaXRpb25zL3BzMjgyMT9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", "RequestMethod": "DELETE", "RequestBody": "", "RequestHeaders": { @@ -549,13 +488,13 @@ "14999" ], "x-ms-request-id": [ - "westus2:796e5f24-3ca1-4b4d-8ae4-b015e1fd9c6d" + "westus2:c43028f9-2f00-4449-b690-13c34ec327f0" ], "x-ms-correlation-request-id": [ - "2cea262a-52a5-4de0-a412-71836706909c" + "dd2a1b4f-93a6-496a-a54d-d138708b6923" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213622Z:2cea262a-52a5-4de0-a412-71836706909c" + "WESTUS2:20190116T193629Z:dd2a1b4f-93a6-496a-a54d-d138708b6923" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -564,7 +503,7 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:36:21 GMT" + "Wed, 16 Jan 2019 19:36:29 GMT" ], "Content-Length": [ "522" @@ -579,7 +518,7 @@ "0" ] }, - "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps4810\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps4810\"\r\n}", + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps2821\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps2821\"\r\n}", "StatusCode": 200 }, { @@ -609,17 +548,17 @@ "Vary": [ "Accept-Encoding" ], - "x-ms-ratelimit-remaining-tenant-deletes": [ - "14999" + "x-ms-correlation-request-id": [ + "06ebb8bd-5593-439c-aca7-14e11cd8ff74" ], "x-ms-request-id": [ - "westus2:ab6c8c59-e1e6-4724-9a28-b2066d1986c3" + "westus2:c4ddbed8-c776-4b9e-be3d-54e755f53d62" ], - "x-ms-correlation-request-id": [ - "e47746b8-07b9-4723-bdc3-a1780cb513b6" + "x-ms-ratelimit-remaining-tenant-deletes": [ + "14998" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T213622Z:e47746b8-07b9-4723-bdc3-a1780cb513b6" + "WESTUS2:20190116T193630Z:06ebb8bd-5593-439c-aca7-14e11cd8ff74" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -628,7 +567,7 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:36:22 GMT" + "Wed, 16 Jan 2019 19:36:29 GMT" ], "Content-Length": [ "394" @@ -649,7 +588,7 @@ ], "Names": { "Test-PolicyDefinitionCRUDAtManagementGroup": [ - "ps4810" + "ps2821" ] }, "Variables": { diff --git a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestPolicySetDefinitionCRUDAtManagementGroup.json b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestPolicySetDefinitionCRUDAtManagementGroup.json index 4761fbd6133c..73c693000238 100644 --- a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestPolicySetDefinitionCRUDAtManagementGroup.json +++ b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestPolicySetDefinitionCRUDAtManagementGroup.json @@ -1,10 +1,10 @@ { "Entries": [ { - "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policydefinitions/ps8684?api-version=2018-05-01", - "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeWRlZmluaXRpb25zL3BzODY4ND9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", + "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policydefinitions/ps832?api-version=2018-05-01", + "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeWRlZmluaXRpb25zL3BzODMyP2FwaS12ZXJzaW9uPTIwMTgtMDUtMDE=", "RequestMethod": "PUT", - "RequestBody": "{\r\n \"name\": \"ps8684\",\r\n \"properties\": {\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n },\r\n \"mode\": \"All\"\r\n }\r\n}", + "RequestBody": "{\r\n \"name\": \"ps832\",\r\n \"properties\": {\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n },\r\n \"mode\": \"All\"\r\n }\r\n}", "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", @@ -20,7 +20,7 @@ "application/json; charset=utf-8" ], "Content-Length": [ - "357" + "356" ] }, "ResponseHeaders": { @@ -31,16 +31,16 @@ "no-cache" ], "x-ms-request-id": [ - "westus2:6a36c61c-166a-4dd1-836a-508b9abca739" + "westus2:85c6fd00-c66e-4d84-8a9c-9d8791576035" ], "x-ms-ratelimit-remaining-tenant-writes": [ "1199" ], "x-ms-correlation-request-id": [ - "4b720ee8-4a80-492a-956c-965ba93c76b1" + "ba5d13eb-bc1f-47bc-a4c3-99d237f273e1" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T214323Z:4b720ee8-4a80-492a-956c-965ba93c76b1" + "WESTUS2:20190116T193819Z:ba5d13eb-bc1f-47bc-a4c3-99d237f273e1" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -49,10 +49,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:43:22 GMT" + "Wed, 16 Jan 2019 19:38:18 GMT" ], "Content-Length": [ - "446" + "444" ], "Content-Type": [ "application/json; charset=utf-8" @@ -64,14 +64,14 @@ "0" ] }, - "ResponseBody": "{\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps8684\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps8684\"\r\n}", + "ResponseBody": "{\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps832\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps832\"\r\n}", "StatusCode": 201 }, { - "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policysetdefinitions/ps841?api-version=2018-05-01", - "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeXNldGRlZmluaXRpb25zL3BzODQxP2FwaS12ZXJzaW9uPTIwMTgtMDUtMDE=", + "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policysetdefinitions/ps3937?api-version=2018-05-01", + "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeXNldGRlZmluaXRpb25zL3BzMzkzNz9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", "RequestMethod": "PUT", - "RequestBody": "{\r\n \"name\": \"ps841\",\r\n \"properties\": {\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps8684\"\r\n }\r\n ]\r\n }\r\n}", + "RequestBody": "{\r\n \"name\": \"ps3937\",\r\n \"properties\": {\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps832\"\r\n }\r\n ]\r\n }\r\n}", "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", @@ -98,16 +98,16 @@ "no-cache" ], "x-ms-request-id": [ - "westus2:432a1bac-b06a-45f1-b9ea-2435e6ea404f" + "westus2:66dd5e13-3edf-44a0-8da8-0ac21bef64d4" ], "x-ms-ratelimit-remaining-tenant-writes": [ - "1198" + "1199" ], "x-ms-correlation-request-id": [ - "77213a34-f7f8-4137-8cbd-336364096bb8" + "7c291a80-05aa-4e82-816f-5afb2356927e" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T214324Z:77213a34-f7f8-4137-8cbd-336364096bb8" + "WESTUS2:20190116T193820Z:7c291a80-05aa-4e82-816f-5afb2356927e" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -116,10 +116,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:43:23 GMT" + "Wed, 16 Jan 2019 19:38:19 GMT" ], "Content-Length": [ - "523" + "526" ], "Content-Type": [ "application/json; charset=utf-8" @@ -131,14 +131,14 @@ "0" ] }, - "ResponseBody": "{\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"260417648226455549\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps8684\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policySetDefinitions/ps841\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"ps841\"\r\n}", + "ResponseBody": "{\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"13715932764746258732\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps832\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policySetDefinitions/ps3937\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"ps3937\"\r\n}", "StatusCode": 201 }, { - "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policysetdefinitions/ps841?api-version=2018-05-01", - "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeXNldGRlZmluaXRpb25zL3BzODQxP2FwaS12ZXJzaW9uPTIwMTgtMDUtMDE=", + "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policysetdefinitions/ps3937?api-version=2018-05-01", + "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeXNldGRlZmluaXRpb25zL3BzMzkzNz9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", "RequestMethod": "PUT", - "RequestBody": "{\r\n \"name\": \"ps841\",\r\n \"properties\": {\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"displayName\": \"testDisplay\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"260417648226455549\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps8684\"\r\n }\r\n ]\r\n }\r\n}", + "RequestBody": "{\r\n \"name\": \"ps3937\",\r\n \"properties\": {\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"displayName\": \"testDisplay\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"13715932764746258732\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps832\"\r\n }\r\n ]\r\n }\r\n}", "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", @@ -154,7 +154,7 @@ "application/json; charset=utf-8" ], "Content-Length": [ - "436" + "438" ] }, "ResponseHeaders": { @@ -168,16 +168,16 @@ "Accept-Encoding" ], "x-ms-ratelimit-remaining-tenant-writes": [ - "1198" + "1199" ], "x-ms-request-id": [ - "westus2:3323b398-8211-4a01-8e7d-f5d8bdba24d2" + "westus2:cf8f5584-35f8-41b4-9b97-3d70130ba97c" ], "x-ms-correlation-request-id": [ - "6962d5b0-6f58-4e8b-8f97-fe30b4ab7e19" + "5530278d-971e-4993-912d-418137110903" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T214324Z:6962d5b0-6f58-4e8b-8f97-fe30b4ab7e19" + "WESTUS2:20190116T193820Z:5530278d-971e-4993-912d-418137110903" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -186,10 +186,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:43:23 GMT" + "Wed, 16 Jan 2019 19:38:20 GMT" ], "Content-Length": [ - "559" + "562" ], "Content-Type": [ "application/json; charset=utf-8" @@ -201,12 +201,12 @@ "0" ] }, - "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"260417648226455549\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps8684\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policySetDefinitions/ps841\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"ps841\"\r\n}", + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"13715932764746258732\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps832\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policySetDefinitions/ps3937\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"ps3937\"\r\n}", "StatusCode": 200 }, { - "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policysetdefinitions/ps841?api-version=2018-05-01", - "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeXNldGRlZmluaXRpb25zL3BzODQxP2FwaS12ZXJzaW9uPTIwMTgtMDUtMDE=", + "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policysetdefinitions/ps3937?api-version=2018-05-01", + "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeXNldGRlZmluaXRpb25zL3BzMzkzNz9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", "RequestMethod": "GET", "RequestBody": "", "RequestHeaders": { @@ -232,16 +232,16 @@ "Accept-Encoding" ], "x-ms-ratelimit-remaining-tenant-reads": [ - "11989" + "11997" ], "x-ms-request-id": [ - "westus2:a5dc9a57-173e-4fe4-bc66-e76c42c5ab15" + "westus2:0afcc6e2-bef8-4f26-a421-bb1ea08ecca0" ], "x-ms-correlation-request-id": [ - "c63ea6fb-aa53-41c3-a814-6c3265827a99" + "12cbc4b3-529c-4e28-9b28-19e4c4cd06ab" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T214324Z:c63ea6fb-aa53-41c3-a814-6c3265827a99" + "WESTUS2:20190116T193820Z:12cbc4b3-529c-4e28-9b28-19e4c4cd06ab" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -250,10 +250,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:43:23 GMT" + "Wed, 16 Jan 2019 19:38:19 GMT" ], "Content-Length": [ - "523" + "526" ], "Content-Type": [ "application/json; charset=utf-8" @@ -265,12 +265,12 @@ "0" ] }, - "ResponseBody": "{\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"260417648226455549\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps8684\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policySetDefinitions/ps841\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"ps841\"\r\n}", + "ResponseBody": "{\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"13715932764746258732\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps832\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policySetDefinitions/ps3937\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"ps3937\"\r\n}", "StatusCode": 200 }, { - "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policysetdefinitions/ps841?api-version=2018-05-01", - "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeXNldGRlZmluaXRpb25zL3BzODQxP2FwaS12ZXJzaW9uPTIwMTgtMDUtMDE=", + "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policysetdefinitions/ps3937?api-version=2018-05-01", + "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeXNldGRlZmluaXRpb25zL3BzMzkzNz9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", "RequestMethod": "GET", "RequestBody": "", "RequestHeaders": { @@ -296,16 +296,16 @@ "Accept-Encoding" ], "x-ms-ratelimit-remaining-tenant-reads": [ - "11988" + "11999" ], "x-ms-request-id": [ - "westus2:bdee918d-10a7-4aed-8384-04c8b959e27a" + "westus2:3d19151c-670b-4d04-bf28-6bbd1d038ccd" ], "x-ms-correlation-request-id": [ - "919d3ec1-8827-4340-876f-affc5923ef4b" + "0ba54c05-b595-4198-ab52-797fcf2ee926" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T214324Z:919d3ec1-8827-4340-876f-affc5923ef4b" + "WESTUS2:20190116T193820Z:0ba54c05-b595-4198-ab52-797fcf2ee926" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -314,10 +314,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:43:23 GMT" + "Wed, 16 Jan 2019 19:38:20 GMT" ], "Content-Length": [ - "523" + "526" ], "Content-Type": [ "application/json; charset=utf-8" @@ -329,12 +329,12 @@ "0" ] }, - "ResponseBody": "{\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"260417648226455549\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps8684\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policySetDefinitions/ps841\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"ps841\"\r\n}", + "ResponseBody": "{\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"13715932764746258732\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps832\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policySetDefinitions/ps3937\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"ps3937\"\r\n}", "StatusCode": 200 }, { - "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policysetdefinitions/ps841?api-version=2018-05-01", - "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeXNldGRlZmluaXRpb25zL3BzODQxP2FwaS12ZXJzaW9uPTIwMTgtMDUtMDE=", + "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policysetdefinitions/ps3937?api-version=2018-05-01", + "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeXNldGRlZmluaXRpb25zL3BzMzkzNz9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", "RequestMethod": "GET", "RequestBody": "", "RequestHeaders": { @@ -360,16 +360,16 @@ "Accept-Encoding" ], "x-ms-ratelimit-remaining-tenant-reads": [ - "11990" + "11998" ], "x-ms-request-id": [ - "westus2:111cb68e-e2b4-4f37-b774-ef8ae7846966" + "westus2:944ea93c-8b1f-4027-865d-608826bf2c75" ], "x-ms-correlation-request-id": [ - "9b4ff5eb-6d38-448c-876d-1c04ce14668c" + "0c6fde16-92dc-42d2-a97a-b4ca30251e24" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T214324Z:9b4ff5eb-6d38-448c-876d-1c04ce14668c" + "WESTUS2:20190116T193820Z:0c6fde16-92dc-42d2-a97a-b4ca30251e24" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -378,10 +378,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:43:24 GMT" + "Wed, 16 Jan 2019 19:38:19 GMT" ], "Content-Length": [ - "559" + "562" ], "Content-Type": [ "application/json; charset=utf-8" @@ -393,70 +393,9 @@ "0" ] }, - "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"260417648226455549\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps8684\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policySetDefinitions/ps841\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"ps841\"\r\n}", + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"13715932764746258732\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps832\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policySetDefinitions/ps3937\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"ps3937\"\r\n}", "StatusCode": 200 }, - { - "RequestUri": "/subscriptions/d0610b27-9663-4c05-89f8-5b4be01e86a5/providers/Microsoft.Authorization/policysetdefinitions/ps841?api-version=2018-05-01", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZDA2MTBiMjctOTY2My00YzA1LTg5ZjgtNWI0YmUwMWU4NmE1L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucy9wczg0MT9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", - "RequestMethod": "GET", - "RequestBody": "", - "RequestHeaders": { - "User-Agent": [ - "AzurePowershell/v1.0.0", - "PSVersion/v6.1.0" - ], - "ParameterSetName": [ - "NameParameterSet" - ], - "CommandName": [ - "Get-AzPolicySetDefinition" - ] - }, - "ResponseHeaders": { - "Cache-Control": [ - "no-cache" - ], - "Pragma": [ - "no-cache" - ], - "x-ms-request-id": [ - "westus2:fb214026-ce3b-42eb-8904-aa5f74a19d7e" - ], - "x-ms-ratelimit-remaining-subscription-reads": [ - "11997" - ], - "x-ms-correlation-request-id": [ - "73abc8e3-61cb-4679-8061-d46854662a08" - ], - "x-ms-routing-request-id": [ - "WESTUS2:20181220T214324Z:73abc8e3-61cb-4679-8061-d46854662a08" - ], - "Strict-Transport-Security": [ - "max-age=31536000; includeSubDomains" - ], - "X-Content-Type-Options": [ - "nosniff" - ], - "Date": [ - "Thu, 20 Dec 2018 21:43:23 GMT" - ], - "Content-Length": [ - "114" - ], - "Content-Type": [ - "application/json; charset=utf-8" - ], - "Expires": [ - "-1" - ], - "Retry-After": [ - "0" - ] - }, - "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicySetDefinitionNotFound\",\r\n \"message\": \"The policy set definition 'ps841' could not be found.\"\r\n }\r\n}", - "StatusCode": 404 - }, { "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policysetdefinitions?api-version=2018-05-01", "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeXNldGRlZmluaXRpb25zP2FwaS12ZXJzaW9uPTIwMTgtMDUtMDE=", @@ -484,17 +423,17 @@ "Vary": [ "Accept-Encoding" ], - "x-ms-correlation-request-id": [ - "e687c1c5-a0ab-443a-bff1-0caabc7a9e96" + "x-ms-ratelimit-remaining-tenant-reads": [ + "11999" ], "x-ms-request-id": [ - "westus2:4fcaa382-1cdd-40e5-9787-4a18c2523981" + "westus2:0df4ec54-8ec1-42d7-a857-3f4f192665e0" ], - "x-ms-ratelimit-remaining-tenant-reads": [ - "11989" + "x-ms-correlation-request-id": [ + "389cfc7b-4914-43ad-8d0c-3d7e2056d61c" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T214324Z:e687c1c5-a0ab-443a-bff1-0caabc7a9e96" + "WESTUS2:20190116T193820Z:389cfc7b-4914-43ad-8d0c-3d7e2056d61c" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -503,10 +442,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:43:24 GMT" + "Wed, 16 Jan 2019 19:38:20 GMT" ], "Content-Length": [ - "71239" + "71789" ], "Content-Type": [ "application/json; charset=utf-8" @@ -518,12 +457,12 @@ "0" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteComplete\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteCompleteEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"260417648226455549\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps8684\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policySetDefinitions/ps841\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"ps841\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test init2\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9388605824103837052\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/20929e43-ae09-4aac-b8ce-05a42434a1ec\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"London\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"15255467709018494198\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/c8a0e9e0-f0e9-4d4c-8214-aace6218110e\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"London\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovTest5/providers/Microsoft.Authorization/policySetDefinitions/21e27984-a6b2-43de-a786-643b7df0c0b2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"21e27984-a6b2-43de-a786-643b7df0c0b2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test init\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"allowedLocations\": \"/providers/Microsoft.Management/managementGroups/AzGovTest5\",\r\n \"listOfAllowedSKUs\": \"/subscriptions/72930a30-8e57-4e97-98fe-02c1023ab43a\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"11677931907622429588\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/AzGovTest3/providers/Microsoft.Authorization/policyDefinitions/99b560dc-8924-4ba4-8467-adf1fdf04660\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"17175752026273514153\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/AzGovTest5/providers/Microsoft.Authorization/policyDefinitions/e1d7de9f-42f0-4af1-9ee0-0187bfce08d5\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"australiacentral\",\r\n \"australiacentral2\",\r\n \"australiaeast\",\r\n \"australiasoutheast\",\r\n \"brazilsouth\",\r\n \"canadacentral\",\r\n \"canadaeast\",\r\n \"centralindia\",\r\n \"centralus\",\r\n \"eastasia\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"francecentral\",\r\n \"francesouth\",\r\n \"global\",\r\n \"japaneast\",\r\n \"japanwest\",\r\n \"koreacentral\",\r\n \"koreasouth\",\r\n \"northcentralus\",\r\n \"northeurope\",\r\n \"southcentralus\",\r\n \"southindia\",\r\n \"southeastasia\",\r\n \"uksouth\",\r\n \"ukwest\",\r\n \"westcentralus\",\r\n \"westeurope\",\r\n \"westindia\",\r\n \"westus\",\r\n \"westus2\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"17602706772987440385\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/AzGovTest3/providers/Microsoft.Authorization/policyDefinitions/ced9d1e5-109c-4e0b-a447-afbf649db203\",\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"value\": [\r\n \"Premium_LRS\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"9371630468206030356\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/AzGovTest3/providers/Microsoft.Authorization/policyDefinitions/ced9d1e5-109c-4e0b-a447-afbf649db22a\",\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"value\": [\r\n \"Standard_A8m_v2\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovTest5/providers/Microsoft.Authorization/policySetDefinitions/8a3978dc-2d90-477d-91e6-8746066f9061\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8a3978dc-2d90-477d-91e6-8746066f9061\"\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor system updates\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor OS vulnerabilities\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor endpoint protection\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disk encryption\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"Enable or disable monitoring of network security groups with permissive rules\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor web application firewall\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Next Generation Firewall (NGFW) monitoring\",\r\n \"description\": \"Enable or disable monitoring network endpoints without a Next Generation Firewall\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor vulnerability assesment\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor storage blob encryption\",\r\n \"description\": \"Enable or disable the monitoring of blob encryption for storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor JIT network access\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor application whitelisting\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL encryption\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL Servers auditing\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor encryption of automation accounts\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor metric alerts in Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic compute VMs\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor classic storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Analytics accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Data Lake Store accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Event Hub accounts\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Key Vault vaults\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Redis Cache\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure Search service\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Azure Active Directory authentication in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor cluster protection level in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Bus\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Service Bus namespace authorization rules\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the provisioning of an Azure AD admininistrator for SQL server\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the secure transfer to storage account\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Stream Analytics\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor of using built-in RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disabling of unrestricted network access to storage account\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Service Fabric\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hub namespaces\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor access rules in Event Hubs\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor SQL vulnerability assessment results\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor maximum number of owners\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor minimus number of owners\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor MFA for accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove deprecated accounts\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with owner permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with write permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor remove external accounts with read permissions\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"Enable or disable the monitoring of IP restrictions for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable remote debugging for Web App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"Enable or disable the monitoring of web sockets for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in API App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in function App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the use of HTTPS in Web App\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Function\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the CORS restrictions for API Web\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"Enable or disable the monitoring of custom domain use in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"Enable or disable the monitoring of .Net version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Java version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Node.js version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"Enable or disable the monitoring of PHP version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"Enable or disable the monitoring of Python version in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use of DDoS protection for virtual network\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in IoT Hubs\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in IoT Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in IoT Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInIoTHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInAppServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"storageEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('storageEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppConfigureIPRestrictionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppConfigureIPRestrictionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableWebSocketsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableWebSocketsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedCustomDomainsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedCustomDomainsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestDotNetMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestDotNetMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestJavaMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestJavaMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestNodeJsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestNodeJsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPHPMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPHPMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUsedLatestPythonMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUsedLatestPythonMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Password security settings inside Linux and Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms link to Azure Policy documentation.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit web server security settings inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Windows virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name (supports wildcard)\",\r\n \"description\": \"Application name. Example: 'Microsoft SQL Server 2014 (64-bit)' or 'Microsoft SQL Server 2014*' to match any application starting with 'Microsoft SQL Server 2014'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit that an application is not installed inside Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative will both deploy the policy requirements and audit that the specified application is not installed inside Linux virtual machines. For more information on guest configuration policies, please visit http://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application name\",\r\n \"description\": \"Application name. Example: 'python' or 'powershell'.\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"13715932764746258732\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps832\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policySetDefinitions/ps3937\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"ps3937\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test init2\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {},\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"9388605824103837052\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/20929e43-ae09-4aac-b8ce-05a42434a1ec\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"London\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"15255467709018494198\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/c8a0e9e0-f0e9-4d4c-8214-aace6218110e\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"London\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovTest5/providers/Microsoft.Authorization/policySetDefinitions/21e27984-a6b2-43de-a786-643b7df0c0b2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"21e27984-a6b2-43de-a786-643b7df0c0b2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"test init\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"parameterScopes\": {\r\n \"allowedLocations\": \"/providers/Microsoft.Management/managementGroups/AzGovTest5\",\r\n \"listOfAllowedSKUs\": \"/subscriptions/72930a30-8e57-4e97-98fe-02c1023ab43a\"\r\n }\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"11677931907622429588\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/AzGovTest3/providers/Microsoft.Authorization/policyDefinitions/99b560dc-8924-4ba4-8467-adf1fdf04660\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"17175752026273514153\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/AzGovTest5/providers/Microsoft.Authorization/policyDefinitions/e1d7de9f-42f0-4af1-9ee0-0187bfce08d5\",\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"value\": [\r\n \"australiacentral\",\r\n \"australiacentral2\",\r\n \"australiaeast\",\r\n \"australiasoutheast\",\r\n \"brazilsouth\",\r\n \"canadacentral\",\r\n \"canadaeast\",\r\n \"centralindia\",\r\n \"centralus\",\r\n \"eastasia\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"francecentral\",\r\n \"francesouth\",\r\n \"global\",\r\n \"japaneast\",\r\n \"japanwest\",\r\n \"koreacentral\",\r\n \"koreasouth\",\r\n \"northcentralus\",\r\n \"northeurope\",\r\n \"southcentralus\",\r\n \"southindia\",\r\n \"southeastasia\",\r\n \"uksouth\",\r\n \"ukwest\",\r\n \"westcentralus\",\r\n \"westeurope\",\r\n \"westindia\",\r\n \"westus\",\r\n \"westus2\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"17602706772987440385\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/AzGovTest3/providers/Microsoft.Authorization/policyDefinitions/ced9d1e5-109c-4e0b-a447-afbf649db203\",\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"value\": [\r\n \"Premium_LRS\"\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"9371630468206030356\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/AzGovTest3/providers/Microsoft.Authorization/policyDefinitions/ced9d1e5-109c-4e0b-a447-afbf649db22a\",\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"value\": [\r\n \"Standard_A8m_v2\"\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovTest5/providers/Microsoft.Authorization/policySetDefinitions/8a3978dc-2d90-477d-91e6-8746066f9061\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8a3978dc-2d90-477d-91e6-8746066f9061\"\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { - "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policysetdefinitions/ps841?api-version=2018-05-01", - "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeXNldGRlZmluaXRpb25zL3BzODQxP2FwaS12ZXJzaW9uPTIwMTgtMDUtMDE=", + "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policysetdefinitions/ps3937?api-version=2018-05-01", + "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeXNldGRlZmluaXRpb25zL3BzMzkzNz9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", "RequestMethod": "DELETE", "RequestBody": "", "RequestHeaders": { @@ -552,13 +491,13 @@ "14999" ], "x-ms-request-id": [ - "westus2:cf3359ca-8bd0-44d6-97c2-7310799c1626" + "westus2:b2a932e3-b116-449b-bd05-5b8b02b1e886" ], "x-ms-correlation-request-id": [ - "cfad1958-3a17-4d9a-8e38-bbaa8c1cb120" + "6890989f-06e8-4e60-b4eb-5bd3d5deb907" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T214326Z:cfad1958-3a17-4d9a-8e38-bbaa8c1cb120" + "WESTUS2:20190116T193821Z:6890989f-06e8-4e60-b4eb-5bd3d5deb907" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -567,10 +506,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:43:25 GMT" + "Wed, 16 Jan 2019 19:38:21 GMT" ], "Content-Length": [ - "559" + "562" ], "Content-Type": [ "application/json; charset=utf-8" @@ -582,12 +521,12 @@ "0" ] }, - "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"260417648226455549\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps8684\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policySetDefinitions/ps841\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"ps841\"\r\n}", + "ResponseBody": "{\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"13715932764746258732\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps832\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policySetDefinitions/ps3937\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"ps3937\"\r\n}", "StatusCode": 200 }, { - "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policydefinitions/ps8684?api-version=2018-05-01", - "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeWRlZmluaXRpb25zL3BzODY4ND9hcGktdmVyc2lvbj0yMDE4LTA1LTAx", + "RequestUri": "/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policydefinitions/ps832?api-version=2018-05-01", + "EncodedRequestUri": "L3Byb3ZpZGVycy9NaWNyb3NvZnQuTWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL0F6R292VGVzdDcvcHJvdmlkZXJzL01pY3Jvc29mdC5BdXRob3JpemF0aW9uL3BvbGljeWRlZmluaXRpb25zL3BzODMyP2FwaS12ZXJzaW9uPTIwMTgtMDUtMDE=", "RequestMethod": "DELETE", "RequestBody": "", "RequestHeaders": { @@ -613,16 +552,16 @@ "Accept-Encoding" ], "x-ms-ratelimit-remaining-tenant-deletes": [ - "14998" + "14999" ], "x-ms-request-id": [ - "westus2:9a3f3b56-f223-418c-b84e-ac09bf032cda" + "westus2:99f8c022-ffbb-4707-8b72-a2b4c2366d24" ], "x-ms-correlation-request-id": [ - "866dca1e-494e-4190-92dd-802a9365a219" + "ab3055f1-49f7-4457-a2f9-c4e923283f08" ], "x-ms-routing-request-id": [ - "WESTUS2:20181220T214327Z:866dca1e-494e-4190-92dd-802a9365a219" + "WESTUS2:20190116T193822Z:ab3055f1-49f7-4457-a2f9-c4e923283f08" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -631,10 +570,10 @@ "nosniff" ], "Date": [ - "Thu, 20 Dec 2018 21:43:26 GMT" + "Wed, 16 Jan 2019 19:38:22 GMT" ], "Content-Length": [ - "446" + "444" ], "Content-Type": [ "application/json; charset=utf-8" @@ -646,14 +585,14 @@ "0" ] }, - "ResponseBody": "{\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps8684\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps8684\"\r\n}", + "ResponseBody": "{\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/ps832\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps832\"\r\n}", "StatusCode": 200 } ], "Names": { "Test-PolicySetDefinitionCRUDAtManagementGroup": [ - "ps841", - "ps8684" + "ps3937", + "ps832" ] }, "Variables": { diff --git a/src/Resources/Resources/ChangeLog.md b/src/Resources/Resources/ChangeLog.md index 5812f44a6b92..32a097c31874 100644 --- a/src/Resources/Resources/ChangeLog.md +++ b/src/Resources/Resources/ChangeLog.md @@ -19,6 +19,9 @@ --> ## Upcoming Release * Fix incorrect examples in `New-AzADAppCredential` and `New-AzADSpCredential` reference documentation +* Az.Resources: Correct documentation for New-AzureRmPolicyDefinition -Mode default value +* Az.Resources: Fix for issue https://github.com/Azure/azure-powershell/issues/7522 +* Az.Resources: Fix for issue https://github.com/Azure/azure-powershell/issues/5747 * Fix formatting issue with `PSResourceGroupDeployment` object - More information here: https://github.com/Azure/azure-powershell/issues/2123 diff --git a/src/Resources/Resources/help/New-AzPolicyDefinition.md b/src/Resources/Resources/help/New-AzPolicyDefinition.md index 59dec5653222..5ee9f700b1a8 100644 --- a/src/Resources/Resources/help/New-AzPolicyDefinition.md +++ b/src/Resources/Resources/help/New-AzPolicyDefinition.md @@ -206,7 +206,7 @@ Accepted values: Indexed, All Required: False Position: Named -Default value: None +Default value: All Accept pipeline input: True (ByPropertyName) Accept wildcard characters: False ```